500 matches found
VMware Tools Update OS Command Injection
VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Y...
VMware Tools - Update OS Command Injection
VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Y...
VMware Tools - Update OS Command Injection
VMware Tools - Update OS Command Injection VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Informati...
VMware Fusion < 3.1.2 (VMSA-2010-0018)
The version of VMware Fusion installed on the Mac OS X host is earlier than 3.1.2. Such versions are affected by three security issues : - A race condition in the mounting process in vmware-mount in allows host OS users to gain privileges via vectors involving temporary files. CVE-2010-4295 - The...
VMware Products Multiple Vulnerabilities (VMSA-2010-0018)
A VMware product Player, Workstation, Server, or Movie Decoder detected on the remote host has one or more of the following vulnerabilities : - A vulnerability in VMware Tools update could allow arbitrary code execution on non-Windows based guest operating systems with root privileges...
Memory corruption
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code via unspecified vectors...
ACROS Security: Remote Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-1)
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2010-04-12-1 ------------------------------------------------------------------------- ASPR 2010-04-12-1: Remote Binary Planting in VMware Tools for Windows...
ACROS Security: Local Binary Planting in VMware Tools for Windows (ASPR #2010-04-12-2)
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2010-04-12-2 ------------------------------------------------------------------------- ASPR 2010-04-12-2: Local Binary Planting in VMware Tools for Windows...
CVE-2010-1141
CVE-2010-1141 affects VMware Tools and related VMware host components (Workstation, Player, ACE, Server, Fusion, ESXi/ESX). The flaw is improper access/loading of libraries, enabling a user-assisted remote attacker to trigger arbitrary code execution by convincing a Windows guest OS user to click...
VMware vulnerability instance analysis – one of the shared folders directory traversal vulnerability-vulnerability warning-the black bar safety net
Author: vxasm mail: [email protected] Time: 2008-10-5 A noun is defined Host machine: running VMware software real host; Guest machine: installed in the VMware software in the virtual system; Backdoor: VMware have their own proprietary“Backdoor I/O Port”command, the Host and the Guest between al...
Memory corruption
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode...
CVE-2007-5671
CVE-2007-5671 is a VMware Tools local privilege-escalation issue in the guest HGFS driver (HGFS.sys) present in VMware Workstation/Player/ACE/Server and ESX/ESXi components. The flaw arises from improper validation of arguments to user-mode IOCTLs to .\hgfs, enabling a guest user to modify kernel...
VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX,...
VMware Tools HGFS.Sys驱动本地权限提升漏洞
BUGTRAQ ID: 26556 VMware Tools是VMWare为每一种Guest OS提供一个软件包,用于增强Guest OS的显示和鼠标功能。 VMware Tools的HGFS.Sys驱动实现上存在漏洞,本地攻击者可以利用此漏洞执行任意内核态指令。 VMWare Tools 3.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.vmware.com http://www.sebug.net/exploit/2602.html...
VMware Tools hgfs.sys Local Privilege Escalation Vulnerability Exploit
No description provided by source. / VMware Tools hgfs.sys Local Privilege Escalation Vulnerability Exploit Created by SoBeIt Main file of exploit Tested on: Windows XP PRO SP2 Chinese Windows XP PRO SP2 English...
VMware Tools 3.1 - 'HGFS.Sys' Local Privilege Escalation
// source: https://www.securityfocus.com/bid/26556/info VMware Tools is prone to a privilege-escalation vulnerability. The application fails to properly drop privileges before performing certain functions. An attacker can exploit this in the guest opertaing system to elevate privileges in the hos...
VMware Tools 3.1 - HGFS.Sys Local Privilege Escalation
VMware Tools 3.1 - HGFS.Sys Local Privilege Escalation // source: https://www.securityfocus.com/bid/26556/info VMware Tools is prone to a privilege-escalation vulnerability. The application fails to properly drop privileges before performing certain functions. An attacker can exploit this in the...
CVE-2007-1056
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is...
[Full-disclosure] VMware Workstation multiple denial of service and isolation manipulation vulnerabilities
Suggested severity level: Medium. Type of Risk: Denial of Service, Privilege Elevation, Un-authorize Access. Affected Software: VMware Workstation, version 5.5.3 build 34685 including installation of "VMware Tools" of the same version, in the guest OS. Older versions and other products by the...
Vmare workstation guest isolation weaknesses (clipboard transfer)
Suggested severity level: Low Type of Risk: isolation failure, information leakage, infection path Affected Software: VMware Workstation, version 5.5.3 build 34685 including installation of "VMware tools" of the same version on the guest OS. Other products by the vendor using the same isolation...