------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2015-0005 Synopsis: VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability Issue date: 2015-07-09 Updated on: 2015-07-09 CVE number: CVE-2015-3650 ------------------------------------------------------------------------ 1. Summary VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability. 2. Relevant Releases VMware Workstation for Windows 11.x prior to version 11.1.1 VMware Workstation for Windows 10.x prior to version 10.0.7 VMware Player for Windows 7.x prior to version 7.1.1 VMware Player for Windows 6.x prior to version 6.0.7 VMware Horizon Client for Windows (with Local Mode Option) prior to version 5.4.2 3. Problem Description a. VMware Workstation, Player and Horizon View Client for Windows host privilege escalation vulnerability. VMware Workstation, Player and Horizon View Client for Windows do not set a discretionary access control list (DACL) for one of their processes. This may allow a local attacker to elevate their privileges and execute code in the security context of the affected process. VMware would like to thank Kyriakos Economou of Nettitude for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-3650 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======= ======= =============== VMware Workstation 11.x Windows 11.1.1 VMware Workstation 10.x Windows 10.0.7 VMware Player 7.x Windows 7.1.1 VMware Player 6.x Windows 6.0.7 VMware Horizon Client for 5.x Windows 5.4.2 Windows (with Local Mode Option) VMware Horizon Client for 3.x any not affected Windows 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware Workstation -------------------------------- https://www.vmware.com/go/downloadworkstation VMware Player -------------------------------- https://www.vmware.com/go/downloadplayer VMware Horizon Clients -------------------------------- https://www.vmware.com/go/viewclients 5. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650 ------------------------------------------------------------------------ 6. Change log 2015-07-09 VMSA-2015-0005 Initial security advisory. ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce at lists.vmware.com bugtraq at securityfocus.com fulldisclosure at seclists.org E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories Consolidated list of VMware Security Advisories http://kb.vmware.com/kb/2078735 VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html Twitter https://twitter.com/VMwareSRC Copyright 2015 VMware Inc. All rights reserved.