CVE-2011-3868 - Buffer Errors vulnerability in VMware products

Publication

2011-10-07

Last modification

2018-10-09

Summary

Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image.

Description

Multiple VMware products are prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following products are affected:

  • VMware Workstation 7.1.4 and earlier
  • VMware Player 3.1.4 and earlier
  • VMware Fusion 3.1.2 and earlier

Solution

The vendor has released an advisory and updates. Please see the references for more information.

Exploit

Currently we are not aware of any working exploits.

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| VMware | AMS | |
| VMware | Fusion | 3.1.1, 3.1, 3.1.2 |
| VMware | Player | 3.1.2, 3.0, 3.1.3, 3.1, 3.0.1, 3.1.1, 3.1.4 |
| VMware | Workstation | 7.1.3, 7.0.1, 7.1.4, 7.1.2, 7.1, 7.0, 7.1.1 |