exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2015-0005

VMware Security Advisory 2015-0005
Posted Jul 10, 2015
Authored by VMware | Site vmware.com

VMware Security Advisory 2015-0005 - VMware Workstation, Player, and Horizon View Client for Windows updates address a host privilege escalation vulnerability.

tags | advisory
systems | windows
advisories | CVE-2015-3650
SHA-256 | 59a3124a6a1edf44fcbd19fea4a8569a864b53e76d75f7d23cf7672bccf89777

VMware Security Advisory 2015-0005

Change Mirror Download
------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2015-0005
Synopsis: VMware Workstation, Player and Horizon View Client for
Windows updates address a host privilege escalation
vulnerability

Issue date: 2015-07-09
Updated on: 2015-07-09
CVE number: CVE-2015-3650
------------------------------------------------------------------------

1. Summary

VMware Workstation, Player and Horizon View Client for Windows
updates address a host privilege escalation vulnerability.

2. Relevant Releases

VMware Workstation for Windows 11.x prior to version 11.1.1
VMware Workstation for Windows 10.x prior to version 10.0.7
VMware Player for Windows 7.x prior to version 7.1.1
VMware Player for Windows 6.x prior to version 6.0.7
VMware Horizon Client for Windows (with Local Mode Option) prior to
version 5.4.2


3. Problem Description

a. VMware Workstation, Player and Horizon View Client for Windows
host privilege escalation vulnerability.

VMware Workstation, Player and Horizon View Client for Windows do
not set a discretionary access control list (DACL) for one of
their processes. This may allow a local attacker to elevate their
privileges and execute code in the security context of the
affected process.

VMware would like to thank Kyriakos Economou of Nettitude for
reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-3650 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= ===============
VMware Workstation 11.x Windows 11.1.1
VMware Workstation 10.x Windows 10.0.7

VMware Player 7.x Windows 7.1.1
VMware Player 6.x Windows 6.0.7

VMware Horizon Client for 5.x Windows 5.4.2
Windows (with Local Mode Option)

VMware Horizon Client for 3.x any not affected
Windows



4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware Workstation
--------------------------------
https://www.vmware.com/go/downloadworkstation

VMware Player
--------------------------------
https://www.vmware.com/go/downloadplayer

VMware Horizon Clients
--------------------------------
https://www.vmware.com/go/viewclients


5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650

------------------------------------------------------------------------

6. Change log

2015-07-09 VMSA-2015-0005
Initial security advisory.


------------------------------------------------------------------------

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

Twitter
https://twitter.com/VMwareSRC

Copyright 2015 VMware Inc. All rights reserved.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close