CVE-2012-1515

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 3.5 through 4.1 VMware ESX versions 3.5 through 4.1

Description The issue concerns improper implementation of port-based I/O operations, allowing guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine. Additionally, there is an elevation of privilege issue related to how Windows handles BIOS memory, which could allow an attacker to run arbitrary code in kernel mode, enabling them to install programs, view, change, or delete data, or create new accounts with full administrative rights.

Recommendations For VMware ESXi versions 3.5 through 4.1, consider restricting access to the Virtual DOS Machine to minimize the risk of exploitation. For VMware ESX versions 3.5 through 4.1, consider restricting access to the Virtual DOS Machine to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.