Vulnerabilities > CVE-2016-7080 - NULL Pointer Dereference vulnerability in VMWare Tools
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7079.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_VMWARE_TOOLS_VMSA_2016_0014.NASL description The version of VMware Tools installed on the remote Mac OS X host is 9.x or 10.x prior to 10.0.9. It is, therefore, affected by multiple NULL pointer dereference flaws in the graphic acceleration functions due to improper memory handling. A local attacker can exploit these to gain elevated privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 93520 published 2016-09-15 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93520 title VMware Tools 9.x / 10.x < 10.0.9 Multiple Privilege Escalations (VMSA-2016-0014) (Mac OS X) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2016-0014.NASL description a. VMware Workstation heap-based buffer overflow vulnerabilities via Cortado ThinPrint VMware Workstation contains vulnerabilities that may allow a windows -based virtual machine (VM) to trigger heap-based buffer overflows in the windows-based hypervisor running VMware workstation that the VM resides on. Exploitation of this issue may lead to arbitrary code execution in the hypervisor OS. Exploitation is only possible if virtual printing has been enabled in VMware Workstation. This feature is not enabled by default. VMware Knowledge Base article 2146810 documents the procedure for enabling and disabling this feature. VMware would like to thank E0DB6391795D7F629B5077842E649393 working with Trend Micro last seen 2020-06-01 modified 2020-06-02 plugin id 93512 published 2016-09-15 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93512 title VMSA-2016-0014 : VMware ESXi, Workstation, Fusion, & Tools updates address multiple security issues NASL family MacOS X Local Security Checks NASL id MACOSX_FUSION_VMSA_2016_0014.NASL description The version of VMware Fusion installed on the remote Mac OS X host is 8.x prior to 8.5.0. It is, therefore, affected by multiple NULL pointer dereference flaws in the graphic acceleration functions due to improper memory handling. A local attacker can exploit these to gain elevated privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 93519 published 2016-09-15 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93519 title VMware Fusion 8.x < 8.5.0 Multiple Privilege Escalations (VMSA-2016-0014) (Mac OS X)