Kaspersky Threats

Kaspersky ID:

KLA10383

Detect Date:

05/03/2012

Updated:

01/22/2024

Description

Multiple critical vulnerabilities have been found in VMware. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities

Improper RPC handling can be exploited by guest OS users via specially designed pointers;
Unknown vectors can be exploited remotely via specially designed NFS traffic;
Improper floppy & SCSI devices can be exploited by guest OS users via unknown vectors.

Original advisories

VMware bulletin

CVE list

CVE-2012-2449
critical
CVE-2012-2448
critical
CVE-2012-2450
critical
CVE-2012-1517
critical
CVE-2012-1516
critical

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Kaspersky ID:

KLA10383

Detect Date:

05/03/2012

Updated:

01/22/2024

Severity

critical

Solution

Update to latest version
Vmware Products

Impacts

ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected products

VMware Workstation versions 8.0.2, 7.1.5
VMware Player versions 4.0.2, 3.1.4
VMware Fusion 4.1.2
ESXi 5.0 without patch ESXi500-201205401-SG
ESXi 4.1 without patches ESXi410-201205401-SG, ESXi410-201110201-SG, ESXi410-201201401-SG
ESXi 4.0 without patches ESXi400-201105201-UG, ESXi400-201205401-SG
ESXi 3.5 without patch ESXe350-201205401-I-SG
ESX 4.1 without patches ESX410-201205401-SG, ESX410-201110201-SG, ESX410-201201401-SG
ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG
ESX 3.5 without patch ESX350-201205401-SG

ACE vulnerability in VMware

Description

Original advisories

Related products

CVE list

Read more