Lucene search
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FUSION_VMSA_2016_0019.NASLHistoryNov 23, 2016 - 12:00 a.m.
VMware Fusion 8.x < 8.5.2 Drag-and-Drop Feature Arbitrary Code Execution (VMSA-2016-0019)
2016-11-2300:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
26.9%
The version of VMware Fusion installed on the remote Mac OS X host is 8.x prior to 8.5.2. It is, therefore, affected by an arbitrary code execution vulnerability in the drag-and-drop feature due to an out-of-bounds memory access error. An attacker within the guest can exploit this to execute arbitrary code on the host system.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(95286);
script_version("1.9");
script_cvs_date("Date: 2019/11/14");
script_cve_id("CVE-2016-7461");
script_bugtraq_id(94280);
script_xref(name:"VMSA", value:"2016-0019");
script_name(english:"VMware Fusion 8.x < 8.5.2 Drag-and-Drop Feature Arbitrary Code Execution (VMSA-2016-0019)");
script_summary(english:"Checks the VMware Fusion version.");
script_set_attribute(attribute:"synopsis", value:
"A virtualization application installed on the remote Mac OS X host is
affected by an arbitrary code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of VMware Fusion installed on the remote Mac OS X host is
8.x prior to 8.5.2. It is, therefore, affected by an arbitrary code
execution vulnerability in the drag-and-drop feature due to an
out-of-bounds memory access error. An attacker within the guest can
exploit this to execute arbitrary code on the host system.");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2016-0019.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Fusion version 8.5.2 or later. Alternatively,
disable both the drag-and-drop function and the copy-and-paste
function.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7461");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/13");
script_set_attribute(attribute:"patch_publication_date", value:"2016/11/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/23");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_fusion_detect.nasl");
script_require_keys("Host/local_checks_enabled", "installed_sw/VMware Fusion", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
get_kb_item_or_exit("Host/local_checks_enabled");
os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
install = get_single_install(app_name:"VMware Fusion", exit_if_unknown_ver:TRUE);
version = install['version'];
path = install['path'];
fix = '';
if (version =~ "^8\.") fix = '8.5.2';
if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path);
Related
myhack58
myhack58
vmware
vmware
nessus
nessus
kaspersky
kaspersky
openvas
openvas
VMware Workstation DnD Function Out-of-Bounds Access Vulnerability - Windows
2017-02-03 00:00:00
VMware Workstation DnD Function Out-of-Bounds Access Vulnerability - Linux
2017-02-03 00:00:00
VMware Workstation Player 'DnD' Out-of-Bounds Access Vulnerability - Linux
2017-02-03 00:00:00
cvelist
cvelist
CVE-2016-7461
2016-12-29 09:02:00
threatpost
threatpost
VMware Patches Virtual Machine Escape Vulnerability
2016-11-15 10:54:16
cve
cve
CVE-2016-7461
2016-12-29 09:59:00
nvd
nvd
CVE-2016-7461
2016-12-29 09:59:00
prion
prion
Out-of-bounds
2016-12-29 09:59:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
26.9%
Related for MACOSX_FUSION_VMSA_2016_0019.NASL