Vulnerabilities > CVE-2016-7079 - NULL Pointer Dereference vulnerability in VMWare Tools

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
vmware
apple
CWE-476
nessus

Summary

The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_VMWARE_TOOLS_VMSA_2016_0014.NASL
    descriptionThe version of VMware Tools installed on the remote Mac OS X host is 9.x or 10.x prior to 10.0.9. It is, therefore, affected by multiple NULL pointer dereference flaws in the graphic acceleration functions due to improper memory handling. A local attacker can exploit these to gain elevated privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id93520
    published2016-09-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93520
    titleVMware Tools 9.x / 10.x < 10.0.9 Multiple Privilege Escalations (VMSA-2016-0014) (Mac OS X)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2016-0014.NASL
    descriptiona. VMware Workstation heap-based buffer overflow vulnerabilities via Cortado ThinPrint VMware Workstation contains vulnerabilities that may allow a windows -based virtual machine (VM) to trigger heap-based buffer overflows in the windows-based hypervisor running VMware workstation that the VM resides on. Exploitation of this issue may lead to arbitrary code execution in the hypervisor OS. Exploitation is only possible if virtual printing has been enabled in VMware Workstation. This feature is not enabled by default. VMware Knowledge Base article 2146810 documents the procedure for enabling and disabling this feature. VMware would like to thank E0DB6391795D7F629B5077842E649393 working with Trend Micro
    last seen2020-06-01
    modified2020-06-02
    plugin id93512
    published2016-09-15
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93512
    titleVMSA-2016-0014 : VMware ESXi, Workstation, Fusion, &amp; Tools updates address multiple security issues
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FUSION_VMSA_2016_0014.NASL
    descriptionThe version of VMware Fusion installed on the remote Mac OS X host is 8.x prior to 8.5.0. It is, therefore, affected by multiple NULL pointer dereference flaws in the graphic acceleration functions due to improper memory handling. A local attacker can exploit these to gain elevated privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id93519
    published2016-09-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93519
    titleVMware Fusion 8.x < 8.5.0 Multiple Privilege Escalations (VMSA-2016-0014) (Mac OS X)