Kaspersky Threats — KLA10452

Продукты:

Для дома

Для малого бизнеса

Для среднего бизнеса

Для крупного бизнеса

Kaspersky ID:

KLA10452

Дата обнаружения:

27/01/2015

Обновлено:

22/01/2024

Описание

Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges or cause denial of service.

Below is a complete list of vulnerabilities

Vectors related to file write can be exploited locally;
Improper input validation can be exploited locally;
An obsolete version of SSL can be exploited remotely;
An obsolete version of libxml2 can be exploited remotely.

Первичный источник обнаружения

VMSA

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

Список CVE

CVE-2014-3566
warning
CVE-2014-3568
warning
CVE-2014-3660
warning
CVE-2015-1043
warning
CVE-2015-1044
warning
CVE-2014-3513
high
CVE-2014-3567
high
CVE-2014-8370
high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!

Kaspersky ID:

KLA10452

Дата обнаружения:

27/01/2015

Обновлено:

22/01/2024

Уровень угрозы

high

Решение

Update to latest version
Get VMware products

Impacts

ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Затронутые продукты

VMware Workstation 10 versions earlier than 10.0.5
VMware Player 6 versions earlier than 6.0.5
VMware Fusion 7 versions earlier than 7.0.1
VMware Fusion 6 versions earlier than 6.0.5
VMware vCenter Server 5.5 earlier than update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
ESXi 5.1 without patch ESXi510-201404101-SG
ESXi 5.0 without patch ESXi500-201405101-SG

Kaspersky IT Security Calculator:

Оцените ваш профиль кибербезопасности

Узнать больше

Встречай новый Kaspersky!

Каждая минута твоей онлайн-жизни заслуживает топовой защиты.

Узнать больше

Confirm changes?

Your message has been sent successfully.