Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.105851
Kategorie:VMware Local Security Checks
Titel:VMware ESXi updates address multiple important security issues (VMSA-2016-0010)
Zusammenfassung:A DLL hijacking vulnerability is present in the VMware Tools 'Shared Folders' (HGFS); feature running on Microsoft Windows.
Beschreibung:Summary:
A DLL hijacking vulnerability is present in the VMware Tools 'Shared Folders' (HGFS)
feature running on Microsoft Windows.

Vulnerability Impact:
Exploitation of this issue may lead to arbitrary code execution with the privileges
of the victim. In order to exploit this issue, the attacker would need write access to a network share and they
would need to entice the local user into opening their document.

Successfully exploiting this issue requires installation of 'Shared Folders' component (HGFS feature) which does not
get installed in 'custom/typical' installation of VMware Tools on Windows VM running on ESXi.

Affected Software/OS:
ESXi 6.0 without patch ESXi600-201603102-SG

ESXi 5.5 without patch ESXi550-201607102-SG

ESXi 5.1 without patch ESXi510-201605102-SG

ESXi 5.0 without patch ESXi500-201606102-SG

Solution:
Apply the missing patch(es).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-5330
BugTraq ID: 92323
http://www.securityfocus.com/bid/92323
Bugtraq: 20160805 DLL side loading vulnerability in VMware Host Guest Client Redirector (Google Search)
http://www.securityfocus.com/archive/1/539131/100/0/threaded
http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload
https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_vmware_host_guest_client_redirector.html
http://www.securitytracker.com/id/1036544
http://www.securitytracker.com/id/1036545
http://www.securitytracker.com/id/1036619
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.