Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

VMCI/HGFS VmWare Code Execution Vulnerability (Windows)

Information

Severity

Severity

Medium

Family

Family

Buffer overflow

CVSSv2 Base

CVSSv2 Base

6.9

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

3 years ago

Summary

The host is installed with VMWare product(s) that are vulnerable to arbitrary code execution.

Insight

Insight

VMCI is an optional feature that allows communication with one another. This vulnerability allows the guest systems to execute arbitrary code on the host in the context of vmx process. The issue affects Windows based VMWare hosts only. VMware Host Guest File System (HGFS) shared folders feature allows users to transfer data between a guest operating system and the host operating system. A heap buffer overflow exists in VMware HGFS which allows guest system to execute code in the context of vmx process on the host. The issue exists only when VMWare system has shared folder enabled. Successful exploitation requires that the vix.inGuest.enable configuration value is enabled

Affected Software

Affected Software

VMware ACE/Player 2.0.x - 2.0.3 on all Windows VMware Workstation 6.0.x - 6.0.3 on all Windows

Solution

Solution

Upgrade VMware to below versions, VMware Workstation 6.0.4 or later. VMware Player/ACE 2.0.4 or later.

Common Vulnerabilities and Exposures (CVE)