6 matches found
NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2013-0014 Synopsis: VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation Issue date: 2013-12-03 Updat...
VMware Fusion 5.x < 5.0.4 LGTOSYNC.SYS Privilege Escalation (VMSA-2013-0014)
The version of VMware Fusion 5.x installed on the remote Mac OS X host is prior to 5.0.4. It is, therefore, reportedly affected by a privilege escalation vulnerability in the LGTOSYNC.SYS driver on 32-bit Guest Operating Systems running Windows XP. Note that by exploiting this issue, a local...
VMware Player 5.x < 5.0.3 LGTOSYNC.SYS Guest Privilege Escalation (VMSA-2013-0014)
The installed version of VMware Player 5.x running on Windows is earlier than 5.0.3. It therefore reportedly contains a vulnerability in its handling in the LGTOSYNC.SYS driver. This issue could allow a local, malicious user to escalate privileges on 32-bit Guest Operating Systems running Windows...
CVE-2013-3519
CVE-2013-3519 concerns a privilege-escalation flaw in VMware’s LGTOSYNC.SYS driver. A crafted memory allocation could allow a guest OS user to gain guest-OS privileges on 32-bit Windows guests. Affected products/versions (per VMSA-2013-0014 and associated advisories): VMware Workstation 9.x befor...
VMware Workstation 9.x < 9.0.3 Multiple Privilege Escalation Vulnerabilities (VMSA-2013-0013 / VMSA-2013-0014)
The installed version of VMware Workstation 9.x is prior to 9.0.3. It is, therefore, affected by multiple local privilege escalation vulnerabilities : - An issue exists in the handling of shared libraries that could allow a local, malicious user to escalate privileges on Linux hosts. CVE-2013-597...
ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check)
The remote VMware ESXi 5.0 host is affected by the following vulnerabilities : - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, t...