Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
VMware Tools Local Privilege Escalation Vulnerability (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with VMWare product(s) that are vulnerable to local privilege escalation vulnerability.
Insight
Insight
An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded on Windows based Guest OS.
Affected Software
Affected Software
VMware ACE 1.x - 1.0.5 build 79846 on Windows VMware Player 1.x - before 1.0.6 build 80404 on Windows VMware Server 1.x - before 1.0.5 build 80187 on Windows VMware Workstation 5.x - before 5.5.6 build 80404 on Windows
Solution
Solution
Upgrade VMware Product(s) to below version, VMware ACE 1.0.5 build 79846 or later VMware Player 1.0.6 build 80404 or later VMware Server 1.0.5 build 80187 or later VMware Workstation 5.5.6 build 80404 or later.