CVE-2017-4902 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4902
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-- en SVGA. Este problema permitiría a un huésped ejecutar código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/97163 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7463
https://notcve.org/view.php?id=CVE-2016-7463
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. Vulnerabilidad de XSS en el Host Client en VMware vSphere Hypervisor (también conocido como ESXi) 5.5 y 6.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una VM manipulada. • http://www.securityfocus.com/bid/94998 http://www.securitytracker.com/id/1037501 http://www.vmware.com/security/advisories/VMSA-2016-0023.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5330 – VMware Host Guest Client Redirector - DLL Side Loading
https://notcve.org/view.php?id=CVE-2016-5330
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en la característica HGFS (también conocido como Shared Folders) en VMware Tools 10.0.5 en VMware ESXi 5.0 hasta la versión 6.0, VMware Workstation Pro 12.1.x en versiones anteriores a 12.1.1, VMware Workstation Player 12.1.x en versiones anteriores a 12.1.1 y VMware Fusion 8.1.x en versiones anteriores a 8.1.1 permite a usuarios locales obtener privilegios a través de una libreria troyanizada o fichero DLL troyanizado en el directorio de trabajo actual • https://www.exploit-db.com/exploits/41711 http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload http://www.securityfocus.com/archive/1/539131/100/0/threaded http://www.securityfocus.com/bid/92323 http://www.securitytracker.com/id/1036544 http://www.securitytracker.com/id/1036545 http://www.securitytracker.com/id/1036619 http://www.vmware.com/security/advisories/VMSA-2016-0010.html https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_ • CWE-426: Untrusted Search Path •
CVE-2015-6933
https://notcve.org/view.php?id=CVE-2015-6933
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. La implementación VMware Tools HGFS (también conocida como Shared Folders) en VMware Workstation 11.x en versiones anteriores a 11.1.2, VMware Player 7.x en versiones anteriores a 7.1.2, VMware Fusion 7.x en versiones anteriores a 7.1.2 y VMware ESXi 5.0 hasta la versión 6.0 permite a usuarios de SO invitado de Windows obtener privilegios de SO invitado o provocar una denegación de servicio (corrupción de memoria del kernel del SO invitado) a través de vectores no especificados. • http://www.securitytracker.com/id/1034603 http://www.securitytracker.com/id/1034604 http://www.vmware.com/security/advisories/VMSA-2016-0001.html • CWE-284: Improper Access Control •
CVE-2015-1044 – VMware Workstation Authorization Service Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2015-1044
vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors. vmware-authd (también conocido como el proceso de autorización) en VMware Workstation 10.x anterior a 10.0.5, VMware Player 6.x anterior a 6.0.5, y VMware ESXi 5.0 hasta 5.5 permite a atacantes causar una denegación de servicio del sistema operativo anfitrión a través de vectores no especificados. This vulnerability allows remote attackers to cause a denial-of-service on vulnerable installations of VMWare Workstation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VMWare Authorization service, which is listening on port 912. By sending a malformed packet, an attacker is able to cause the service to shut itself down. The service will not automatically restart, and once disabled virtual machines will not be able to get access to new resources. • http://secunia.com/advisories/62551 http://secunia.com/advisories/62569 http://secunia.com/advisories/62669 http://www.securityfocus.com/bid/72336 http://www.securitytracker.com/id/1031645 http://www.securitytracker.com/id/1031646 http://www.vmware.com/security/advisories/VMSA-2015-0001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100935 •