KLA10452
Multiple vulnerabilities in VMware products
Updated: 11/06/2018
CVSS
?
7.1
Detect date
?
01/27/2015
Severity
?
High
Description

Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges or cause denial of service.

Below is a complete list of vulnerabilities

  1. Vectors related to file write can be exploited locally;
  2. Improper input validation can be exploited locally;
  3. An obsolete version of SSL can be exploited remotely;
  4. An obsolete version of libxml2 can be exploited remotely.
Affected products

VMware Workstation 10 versions earlier than 10.0.5
VMware Player 6 versions earlier than 6.0.5
VMware Fusion 7 versions earlier than 7.0.1
VMware Fusion 6 versions earlier than 6.0.5
VMware vCenter Server 5.5 earlier than update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
ESXi 5.1 without patch ESXi510-201404101-SG
ESXi 5.0 without patch ESXi500-201405101-SG

Solution

Update to latest version
Get VMware products

Original advisories

VMSA

Impacts
?
OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

LoI 
[?]
Related products
VMware Workstation
VMware Player
VMware Server
VMware vCenter Converter Standalone
VMware vSphere Client
VMware Fusion
CVE-IDS
?

CVE-2014-3566
CVE-2014-3568
CVE-2014-3660
CVE-2015-1043
CVE-2015-1044
CVE-2014-3513
CVE-2014-3567
CVE-2014-8370