PT-2015-1323 · Vmware · Vmware Player+2

Published

2015-06-13

Updated

2016-12-31

CVE-2015-2341

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 10.x through 10.0.4 VMware Player versions 6.x through 6.0.5 VMware Fusion versions 6.x through 6.0.5 and versions 7.x through 7.0.0

Description The issue exists due to insufficient input validation in the hypervisor, allowing an attacker to cause a denial of service against a 32-bit guest OS or 64-bit host OS using a specially crafted RPC request.

Recommendations For VMware Workstation versions 10.x through 10.0.4, update to version 10.0.5 or later. For VMware Player versions 6.x through 6.0.5, update to version 6.0.6 or later. For VMware Fusion versions 6.x through 6.0.5, update to version 6.0.6 or later. For VMware Fusion versions 7.x through 7.0.0, update to version 7.0.1 or later.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-10391

BDU:2015-10392

BDU:2015-10393

CVE-2015-2341

Affected Products

Vmware Fusion

Vmware Player

Vmware Workstation

PT-2015-1323 · Vmware · Vmware Player+2

CVE-2015-2341

Weakness Enumeration

Related Identifiers

Affected Products

References · 8