VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability

2009-04-1000:00:00

www.vmware.com

6.8 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

30.9%

JSON

a. Host code execution vulnerability from a guest operating systemA critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host.This issue is different from the vulnerability in a guest virtual device driver reported in VMware security advisory VMSA-2009-0005 on 2009-04-03. That vulnerability can cause a potential denial of service and is identified by CVE-2008-4916. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available.

CPENameOperatorVersion
workstationlt6.5.2 build 156735
playerlt2.5.2 build 156735
acelt2.5.2 build 156735
serverlt2.0.1 build 156745
serverlt1.0.9 build 156507
fusionlt2.0.4 build 159196
esxiltESXe350-200904201-O-SG
esxltESX350-200904201-SG
esxltESX303-200904403-SG
esxltESX-1008421

Name	Operator	Version
workstation	lt	6.5.2 build 156735
player	lt	2.5.2 build 156735
ace	lt	2.5.2 build 156735
server	lt	2.0.1 build 156745
server	lt	1.0.9 build 156507
fusion	lt	2.0.4 build 159196
esxi	lt	ESXe350-200904201-O-SG
esx	lt	ESX350-200904201-SG
esx	lt	ESX303-200904403-SG
esx	lt	ESX-1008421