Internet threat level: 1
Home→Descriptions→SA48782
VMware Multiple Products Privilege Escalation Security Issue
| Secunia ID | |
| CVE-ID | |
| Release Date |
13 Apr 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
VMware Fusion 4.x |
| Where | |
| Impact |
Privilege escalationThis covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users. This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system. |
| Description |
A security issue has been reported in multiple VMware products, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the application setting insecure permissions on the VMware Tools folder and can be exploited to gain escalated privileges on Windows-based guest operating systems. Please see the vendor's advisory for a list of affected products and versions. |
| Solution |
Update to a fixed version (please see the vendor's advisory for details). |
| Reported by |
The vendor credits Tavis Ormandy. |
| Original Advisory |
VMware: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.