Vigil@nce: VMware, code execution
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker located in a guest system can execute code on the host
system.
Severity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 10/04/2009
IMPACTED PRODUCTS
– VMware ACE
– VMware ESX Server
– VMware ESX Server 3i
– VMware Player
– VMware Server
– VMware Workstation
DESCRIPTION OF THE VULNERABILITY
VMware products virtualize display features.
A vulnerability in display features can be used by an attacker
located in a guest system to execute code on the host system.
Technical details are unknown.
CHARACTERISTICS
Identifiers: BID-34471, CVE-2009-1244, VIGILANCE-VUL-8622,
VMSA-2009-0006
http://vigilance.fr/vulnerability/VMware-code-execution-8622