Vulnerabilities > CVE-2015-2340 - Resource Management Errors vulnerability in VMWare products

CVSS 6.1 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

low complexity

vmware

microsoft

CWE-399

nessus

NVD

Published: 2015-06-13

Updated: 2016-12-31

Summary

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Horizon Client 3.2.0 Vmware Horizon Client 3.3 Vmware Horizon View Client 5.4 Vmware Horizon View Client 5.4.1 Vmware Fusion 6.0 Vmware Fusion 6.0.1 Vmware Fusion 6.0.2 Vmware Fusion 6.0.3 Vmware Fusion 6.0.4 Vmware Fusion 6.0.5 Vmware Fusion 7.0 Vmware Fusion 7.0.1 Vmware Player 6.0 Vmware Player 6.0.1 Vmware Player 6.0.2 Vmware Player 6.0.3 Vmware Player 6.0.4 Vmware Player 6.0.5 Vmware Player 7.0 Vmware Player 7.1 Vmware Workstation 10.0 Vmware Workstation 10.0.1 Vmware Workstation 10.0.2 Vmware Workstation 10.0.3 Vmware Workstation 10.0.4 Vmware Workstation 10.0.5 Vmware Workstation 11.0 Vmware Workstation 11.1	28
OS	Microsoft Microsoft Windows *	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Windows
NASL id	VMWARE_PLAYER_7_1_1_VMSA_2015-0004.NASL
description	The version of VMware Player installed on the remote Windows host is 7.x prior to 7.1.1. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists due to a stack-based buffer overflow condition in the JPEG2000 plugin that is triggered when parsing a Quantization Default (QCD) marker segment in a JPEG2000 (JP2) image file. A remote attacker can exploit this, using a specially crafted image, to execute arbitrary code or cause a denial of service condition. (CVE-2012-0897) - Multiple unspecified remote code execution vulnerabilities exists in
last seen	2020-06-01
modified	2020-06-02
plugin id	84220
published	2015-06-16
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84220
title	VMware Player 7.x < 7.1.1 Multiple Vulnerabilities (VMSA-2015-0004)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84220); script_version("1.10"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id( "CVE-2012-0897", "CVE-2015-2336", "CVE-2015-2337", "CVE-2015-2338", "CVE-2015-2339", "CVE-2015-2340" ); script_bugtraq_id(51426, 75092, 75095); script_xref(name:"VMSA", value:"2015-0004"); script_name(english:"VMware Player 7.x < 7.1.1 Multiple Vulnerabilities (VMSA-2015-0004)"); script_summary(english:"Checks the VMware Player version."); script_set_attribute(attribute:"synopsis", value: "The remote host has a virtualization application installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of VMware Player installed on the remote Windows host is 7.x prior to 7.1.1. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists due to a stack-based buffer overflow condition in the JPEG2000 plugin that is triggered when parsing a Quantization Default (QCD) marker segment in a JPEG2000 (JP2) image file. A remote attacker can exploit this, using a specially crafted image, to execute arbitrary code or cause a denial of service condition. (CVE-2012-0897) - Multiple unspecified remote code execution vulnerabilities exists in 'TPView.dll' and 'TPInt.dll' library files. (CVE-2015-2336, CVE-2015-2337) - The 'TPview.dll' and 'TPInt.dll' library files fail to properly handle memory allocation. A remote attacker can exploit this to cause a denial of service. (CVE-2015-2338, CVE-2015-2339, CVE-2015-2340)"); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2015-0004.html"); script_set_attribute(attribute:"solution", value:"Upgrade to VMware Player version 7.1.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Irfanview JPEG2000 jp2 Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_dependencies("vmware_player_detect.nasl"); script_require_keys("SMB/Registry/Enumerated", "VMware/Player/Path", "VMware/Player/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); version = get_kb_item_or_exit("VMware/Player/Version"); path = get_kb_item_or_exit("VMware/Player/Path"); fixed = '7.1.1'; if ( version =~ "^7\." && ver_compare(ver:version, fix:fixed, strict:FALSE) == -1 ) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report += '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed + '\n'; security_warning(port:port, extra:report); } else security_warning(port); } else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Player", version, path);

NASL family	Windows
NASL id	VMWARE_WORKSTATION_MULTIPLE_VMSA_2015_0004.NASL
description	The version of VMware Workstation installed on the remote Windows host is 10.x prior to 10.0.6 or 11.x prior to 11.1.1. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists due to a stack-based buffer overflow condition in the JPEG2000 plugin that is triggered when parsing a Quantization Default (QCD) marker segment in a JPEG2000 (JP2) image file. A remote attacker can exploit this, using a specially crafted image, to execute arbitrary code or cause a denial of service condition. (CVE-2012-0897) - Multiple unspecified remote code execution vulnerabilities exists in
last seen	2020-06-01
modified	2020-06-02
plugin id	84223
published	2015-06-16
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/84223
title	VMware Workstation 10.x < 10.0.6 / 11.x < 11.1.1 Multiple Vulnerabilities (VMSA-2015-0004) (Windows)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84223); script_version("1.10"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id( "CVE-2012-0897", "CVE-2015-2336", "CVE-2015-2337", "CVE-2015-2338", "CVE-2015-2339", "CVE-2015-2340" ); script_bugtraq_id(51426, 75092, 75095); script_xref(name:"VMSA", value:"2015-0004"); script_name(english:"VMware Workstation 10.x < 10.0.6 / 11.x < 11.1.1 Multiple Vulnerabilities (VMSA-2015-0004) (Windows)"); script_summary(english:"Checks the VMware Workstation version."); script_set_attribute(attribute:"synopsis", value: "The remote host has a virtualization application installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of VMware Workstation installed on the remote Windows host is 10.x prior to 10.0.6 or 11.x prior to 11.1.1. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists due to a stack-based buffer overflow condition in the JPEG2000 plugin that is triggered when parsing a Quantization Default (QCD) marker segment in a JPEG2000 (JP2) image file. A remote attacker can exploit this, using a specially crafted image, to execute arbitrary code or cause a denial of service condition. (CVE-2012-0897) - Multiple unspecified remote code execution vulnerabilities exists in 'TPView.dll' and 'TPInt.dll' library files. (CVE-2015-2336, CVE-2015-2337) - The 'TPview.dll' and 'TPInt.dll' library files fail to properly handle memory allocation. A remote attacker can exploit this to cause a denial of service. (CVE-2015-2338, CVE-2015-2339, CVE-2015-2340)"); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2015-0004.html"); script_set_attribute(attribute:"solution", value:"Upgrade to VMware Workstation version 10.0.6 / 11.1.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Irfanview JPEG2000 jp2 Stack Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_dependencies("vmware_workstation_detect.nasl"); script_require_keys("SMB/Registry/Enumerated", "VMware/Workstation/Version", "VMware/Workstation/Path"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); appname = 'VMware Workstation'; version = get_kb_item("VMware/Workstation/Version"); if (isnull(version)) audit(AUDIT_NOT_INST, appname); path = get_kb_item_or_exit("VMware/Workstation/Path"); fix = NULL; if (version =~ "^10\." && ver_compare(ver:version, fix:"10.0.6", strict:FALSE) == -1) fix = "10.0.6"; else if (version =~ "^11\." && ver_compare(ver:version, fix:"11.1.1", strict:FALSE) == -1) fix = "11.1.1"; if(fix) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity >0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

NASL family	Windows
NASL id	VMWARE_HORIZON_VIEW_CLIENT_VMSA_2015_0004.NASL
description	The version of VMware Horizon View Client installed on the remote host is 3.2.x prior to 3.2.1, 3.3.x prior to 3.4.0, or 5.x (with local mode) prior to 5.4.2. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists due to a stack-based buffer overflow condition in the JPEG2000 plugin that is triggered when parsing a Quantization Default (QCD) marker segment in a JPEG2000 (JP2) image file. A remote attacker can exploit this, using a specially crafted image, to execute arbitrary code or cause a denial of service condition. (CVE-2012-0897) - Multiple denial of service vulnerabilities exist due to improper memory allocation by the TPView.dll and TPInt.dll libraries. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2338, CVE-2015-2339, CVE-2015-2340) - Multiple remote code execution vulnerabilities exist due to improper memory allocation by the TPView.dll and TPInt.dll libraries. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-2336, CVE-2015-2337)
last seen	2020-06-01
modified	2020-06-02
plugin id	84150
published	2015-06-12
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84150
title	VMware Horizon View Client 3.2.x < 3.2.1 / 3.3.x < 3.4.0 / or 5.x < 5.4.2 Multiple Vulnerabilities (VMSA-2015-0004)

NASL family	Windows
NASL id	VMWARE_PLAYER_6_0_6_VMSA_2015-0004.NASL
description	The version of VMware Player installed on the remote Windows host is 6.x prior to 6.0.6. It is, therefore, affected by multiple vulnerabilities : - An arbitrary code execution vulnerability exists due to a stack-based buffer overflow condition in the JPEG2000 plugin that is triggered when parsing a Quantization Default (QCD) marker segment in a JPEG2000 (JP2) image file. A remote attacker can exploit this, using a specially crafted image, to execute arbitrary code or cause a denial of service condition. (CVE-2012-0897) - Multiple unspecified remote code execution vulnerabilities exists in
last seen	2020-06-01
modified	2020-06-02
plugin id	84219
published	2015-06-16
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84219
title	VMware Player 6.x < 6.0.6 Multiple Vulnerabilities (VMSA-2015-0004)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References