Kaspersky Threats

Detect date

?

05/03/2012

Severity

?

Critical

Description

Multiple critical vulnerabilities have been found in VMware. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities

Improper RPC handling can be exploited by guest OS users via specially designed pointers;
Unknown vectors can be exploited remotely via specially designed NFS traffic;
Improper floppy & SCSI devices can be exploited by guest OS users via unknown vectors.

Affected products

VMware Workstation versions 8.0.2, 7.1.5
VMware Player versions 4.0.2, 3.1.4
VMware Fusion 4.1.2
ESXi 5.0 without patch ESXi500-201205401-SG
ESXi 4.1 without patches ESXi410-201205401-SG, ESXi410-201110201-SG, ESXi410-201201401-SG
ESXi 4.0 without patches ESXi400-201105201-UG, ESXi400-201205401-SG
ESXi 3.5 without patch ESXe350-201205401-I-SG
ESX 4.1 without patches ESX410-201205401-SG, ESX410-201110201-SG, ESX410-201201401-SG
ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG
ESX 3.5 without patch ESX350-201205401-SG

Solution

Update to latest version
Vmware Products

Original advisories

VMware bulletin

Impacts

?

ACE

[?]

DoS

[?]

Detect date ?	05/03/2012
Severity ?	Critical
Description	Multiple critical vulnerabilities have been found in VMware. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities Improper RPC handling can be exploited by guest OS users via specially designed pointers; Unknown vectors can be exploited remotely via specially designed NFS traffic; Improper floppy & SCSI devices can be exploited by guest OS users via unknown vectors.
Affected products	VMware Workstation versions 8.0.2, 7.1.5 VMware Player versions 4.0.2, 3.1.4 VMware Fusion 4.1.2 ESXi 5.0 without patch ESXi500-201205401-SG ESXi 4.1 without patches ESXi410-201205401-SG, ESXi410-201110201-SG, ESXi410-201201401-SG ESXi 4.0 without patches ESXi400-201105201-UG, ESXi400-201205401-SG ESXi 3.5 without patch ESXe350-201205401-I-SG ESX 4.1 without patches ESX410-201205401-SG, ESX410-201110201-SG, ESX410-201201401-SG ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG ESX 3.5 without patch ESX350-201205401-SG
Solution	Update to latest version Vmware Products
Original advisories	VMware bulletin
Impacts ?	ACE [?] DoS [?]
Related products	VMware Workstation VMware Player VMware Infrastructure VMware vSphere Client VMware Fusion
CVE-IDS ?	CVE-2012-24499.0Critical CVE-2012-24487.5Critical CVE-2012-24509.0Critical CVE-2012-15179.0Critical CVE-2012-15169.0Critical