Guest OS Privilege Escalation in VMware Tools Affecting VMware Workstation and Player
CVE-2014-3793

Currently unrated

Key Information:

Vendor: Vmware
Status: Player; Esxi; Fusion; Workstation
Vendor: CVE Published:; 31 May 2014

Summary

VMware Tools in several VMware products, including Workstation, Player, Fusion, and ESXi, contain a vulnerability that enables users of a Windows 8.1 guest operating system to escalate their privileges. This can lead to unauthorized actions within the guest OS or potentially cause a denial of service due to a kernel NULL pointer dereference. It is critical for users of affected versions to apply patches to mitigate these risks and secure their virtual environments.

References

http://www.vmware.com/security/advisories/VMSA-2014-0005....

x_refsource_CONFIRM

http://packetstormsecurity.com/files/126869/VMware-Securi...

x_refsource_MISC

http://www.securitytracker.com/id/1030310

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 31, 2014
Vulnerability Reserved
May 20, 2014