Executive Summary
Summary | |
---|---|
Title | "VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability" |
Informations | |||
---|---|---|---|
Name | VMSA-2015-0005 | First vendor Publication | 2015-07-09 |
Vendor | VMware | Last vendor Modification | 2015-07-09 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. VMware Workstation, Player and Horizon View Client for Windows host privilege escalation vulnerability. VMware Workstation, Player and Horizon View Client for Windows do not set a discretionary access control list (DACL) for one of their processes. This may allow a local attacker to elevate their privileges and execute code in the security context of the affected process. VMware would like to thank Kyriakos Economou of Nettitude for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-3650 to this issue. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2015-0005.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-284 | Access Control (Authorization) Issues |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-07-16 | IAVM : 2015-A-0147 - VMware Player Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0061069 |
2015-07-16 | IAVM : 2015-A-0146 - VMware Workstation Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0061091 |
2015-06-18 | IAVM : 2015-B-0076 - Multiple Vulnerabilities in VMware Horizon View Client Severity : Category I - VMSKEY : V0060965 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-07-16 | Name : The virtualization application installed on the remote host is affected by a ... File : vmware_horizon_view_client_vmsa_2015_0005.nasl - Type : ACT_GATHER_INFO |
2015-07-16 | Name : The virtualization application installed on the remote host is affected by a ... File : vmware_player_priv_esc_vmsa_2015_0005.nasl - Type : ACT_GATHER_INFO |
2015-07-16 | Name : The virtualization application installed on the remote host is affected by a ... File : vmware_workstation_priv_esc_vmsa_2015_0005.nasl - Type : ACT_GATHER_INFO |
2015-01-23 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0005.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-10-18 17:26:47 |
|
2015-07-18 13:29:52 |
|
2015-07-13 21:31:38 |
|
2015-07-10 21:31:48 |
|
2015-07-10 00:25:23 |
|