Multiple vulnerabilities in VMware

Description

Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to obtain sensitive information, hijack a session or cause denial of service. Below is a complete list of vulnerabilities

1. Improperly restrictions can be exploited remotely via a specially designed master key or TLS handshake;
2. Improper buffer management can be exploited remotely at a point related to alert conditions;
3. Race conditions can be exploited remotely via a specially designed environment;
4. Vectors related to the ECFH cipher can be exploited remotely via a specially designed certificate.

Original advisories

• VMware bulletin

Exploitation

Public exploits exist for this vulnerability.

Related products

• VMware-Workstation
• VMware-Player
• VMware-vSphere-Client
• VMware-Fusion
• VMware-Horizon-View-Client

CVE list

• CVE-2014-0198
  warning
• CVE-2014-0224
  high
• CVE-2014-3470
  warning
• CVE-2010-5298
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com