Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_WORKSTATION_MULTIPLE_VMSA_2016_0014.NASL
HistorySep 15, 2016 - 12:00 a.m.

VMware Workstation 12.x < 12.5.0 Multiple Vulnerabilities (VMSA-2016-0014)

2016-09-1500:00:00
This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

49.2%

JSON

The version of VMware Workstation installed on the remote host is 12.x prior to 12.5.0. It is, therefore, affected by multiple vulnerabilities :

  • A heap buffer overflow condition exists in Cortado ThinPrint due to improper validation of user-supplied input. An attacker on the guest can exploit this to cause a denial of service condition or the execution of arbitrary code on the host system. (CVE-2016-7081)

  • A memory corruption issue exists in Cortado Thinprint due to improper handling of specially crafted EMF files.
    An attacker on the guest can exploit this to cause a denial of service condition or the execution of arbitrary code on the host system. (CVE-2016-7082)

  • A memory corruption issue exists in Cortado Thinprint due to improper handling of TrueType fonts embedded in EMFSPOOL. An attacker on the guest can exploit this to cause a denial of service condition or the execution of arbitrary code on the host system. (CVE-2016-7083)

  • A memory corruption issue exists in Cortado Thinprint due to improper handling of specially crafted JPEG2000 images. An attacker on the guest can exploit this to cause a denial of service condition or the execution of arbitrary code on the host system. (CVE-2016-7084)

  • A flaw exits due to improper loading of some dynamic link library (DLL) files that allows an attacker to load a DLL file and thereby execute arbitrary code.
    (CVE-2016-7085)

  • A flaw exists in the Workstation installer due to insecure loading of executables. An attacker can exploit this, via a crafted application named ‘setup64.exe’ inserted into the same directory as the installer, to execute arbitrary code. (CVE-2016-7086)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93521);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/15");

  script_cve_id(
    "CVE-2016-7081",
    "CVE-2016-7082",
    "CVE-2016-7083",
    "CVE-2016-7084",
    "CVE-2016-7085",
    "CVE-2016-7086"
  );
  script_bugtraq_id(
    92934,
    92935,
    92940,
    92941
  );
  script_xref(name:"VMSA", value:"2016-0014");

  script_name(english:"VMware Workstation 12.x < 12.5.0 Multiple Vulnerabilities (VMSA-2016-0014)");
  script_summary(english:"Checks the VMware Workstation version.");

  script_set_attribute(attribute:"synopsis", value:
"A virtualization application installed on the remote host is affected
by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of VMware Workstation installed on the remote host is
12.x prior to 12.5.0. It is, therefore, affected by multiple
vulnerabilities :

  - A heap buffer overflow condition exists in Cortado
    ThinPrint due to improper validation of user-supplied
    input. An attacker on the guest can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code on the host system. (CVE-2016-7081)

  - A memory corruption issue exists in Cortado Thinprint
    due to improper handling of specially crafted EMF files.
    An attacker on the guest can exploit this to cause a
    denial of service condition or the execution of
    arbitrary code on the host system. (CVE-2016-7082)

  - A memory corruption issue exists in Cortado Thinprint
    due to improper handling of TrueType fonts embedded in
    EMFSPOOL. An attacker on the guest can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code on the host system. (CVE-2016-7083)

  - A memory corruption issue exists in Cortado Thinprint
    due to improper handling of specially crafted JPEG2000
    images. An attacker on the guest can exploit this to
    cause a denial of service condition or the execution of
    arbitrary code on the host system. (CVE-2016-7084)

  - A flaw exits due to improper loading of some dynamic
    link library (DLL) files that allows an attacker to load
    a DLL file and thereby execute arbitrary code.
    (CVE-2016-7085)

  - A flaw exists in the Workstation installer due to
    insecure loading of executables. An attacker can exploit
    this, via a crafted application named 'setup64.exe'
    inserted into the same directory as the installer, to
    execute arbitrary code. (CVE-2016-7086)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2016-0014.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Workstation 12.5.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7086");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_workstation_detect.nasl");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/VMware Workstation");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('SMB/Registry/Enumerated');

var app_info = vcf::get_app_info(app:'VMware Workstation', win_local:TRUE);

vcf::check_granularity(app_info:app_info, sig_segments:2);

var constraints = [
  { 'min_version' : '12.0', 'fixed_version' : '12.5.0'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
vmwareworkstationcpe:/a:vmware:workstation

Related

openvas 3
vmware 2
nessus 1
kaspersky 1
prion 6
cvelist 6
nvd 6
cve 6
zdt 2
zdi 1
packetstorm 1
openvas
openvas
VMware Workstation Multiple Code Execution Vulnerabilities (Feb 2017) - Windows
2017-02-03 00:00:00
VMware Workstation Player Multiple Code Execution Vulnerabilities (Feb 2017) - Windows
2017-02-03 00:00:00
VMware ESXi updates address multiple security issues (VMSA-2016-0014)
2016-09-16 00:00:00
vmware
vmware
VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues
2016-09-13 00:00:00
VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues
2016-09-13 00:00:00
nessus
nessus
VMSA-2016-0014 : VMware ESXi, Workstation, Fusion, &amp; Tools updates address multiple security issues
2016-09-15 00:00:00
kaspersky
kaspersky
KLA10933 Multiple vulnerabilities in VMware Workstation Pro and VMware Workstation Player
2016-12-29 00:00:00
prion
prion
Memory corruption
2016-12-29 09:59:00
Memory corruption
2016-12-29 09:59:00
Memory corruption
2016-12-29 09:59:00
cvelist
cvelist
CVE-2016-7082
2016-12-29 09:02:00
CVE-2016-7086
2016-12-29 09:02:00
CVE-2016-7083
2016-12-29 09:02:00
nvd
nvd
CVE-2016-7082
2016-12-29 09:59:00
CVE-2016-7084
2016-12-29 09:59:00
CVE-2016-7083
2016-12-29 09:59:00
cve
cve
CVE-2016-7084
2016-12-29 09:59:00
CVE-2016-7083
2016-12-29 09:59:00
CVE-2016-7082
2016-12-29 09:59:00
zdt
zdt
VMware Workstation - vprintproxy.exe TrueType NAME Tables Heap Buffer Overflow
2016-09-19 00:00:00
VMware Workstation - vprintproxy.exe JPEG2000 Images Multiple Memory Corruptions
2016-09-19 00:00:00
zdi
zdi
ThinPrint TPClnt/TPView Heap-based Buffer Overflow Privilege Escalation Vulnerability
2017-06-02 00:00:00
packetstorm
packetstorm
VMWare Player 7.1.3 DLL Hijacking
2018-08-02 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

49.2%

JSON
Related for VMWARE_WORKSTATION_MULTIPLE_VMSA_2016_0014.NASL
openvas3vmware2nessus1kaspersky1prion6cvelist6nvd6cve6zdt2zdi1packetstorm1