Kaspersky LabKLA10597KLA10597 Multiple vulnerabilities in VMware products
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.9 High
AI Score
Confidence
Low
0.945 High
EPSS
Percentile
99.2%
Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.
Below is a complete list of vulnerabilities
- Improper memory allocation can be exploited locally via an unknown vectors;
- Improper input validation can be exploited locally via vectors related to RPC.
Original advisories
Related products
CVE list
CVE-2015-2337 high
CVE-2015-2336 high
CVE-2015-2339 high
CVE-2012-0897 high
CVE-2015-2341 critical
CVE-2015-2340 high
CVE-2015-2338 high
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- VMware Workstation 11 versions earlier than 11.1.1VMware Workstation 10 versions earlier than 10.0.6VMware Player 7 versions earlier than 7.1.1VMware Player 6 versions earlier than 6.0.6VMware Horizon Client for Windows 3.3 versions earlier than 3.4.0VMware Horizon Client for Windows 3.2 versions earlier than 3.2.1VMware Fusion 7 versions earlier than 7.0.1VMware Fusion 6 versions earlier than 6.0.6
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.9 High
AI Score
Confidence
Low
0.945 High
EPSS
Percentile
99.2%