SB2015060909 - Multiple vulnerabilities in VMware Workstation and Fusion

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015060909

SB2015060909 - Multiple vulnerabilities in VMware Workstation and Fusion

Published: June 9, 2015 Updated: June 9, 2025

Security Bulletin ID SB2015060909
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 86% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2012-0897)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2015-2336)

The vulnerability allows a remote user to execute arbitrary code on the hypervisor.

The vulnerability exists due to a boundary error in TPView.dll. A remote user on the guest OS can trigger memory corruption and execute arbitrary code on the host OS.



3) Buffer overflow (CVE-ID: CVE-2015-2337)

The vulnerability allows a remote user to execute arbitrary code on the hypervisor.

The vulnerability exists due to a boundary error in TPInt.dll. A remote user on the guest OS can trigger memory corruption and execute arbitrary code on the host OS.


4) Buffer overflow (CVE-ID: CVE-2015-2338)

The vulnerability allows a remote user to execute arbitrary code on the hypervisor.

The vulnerability exists due to a boundary error in TPview.dll. A remote user on the guest OS can trigger memory corruption and execute arbitrary code on the host OS.


5) Buffer overflow (CVE-ID: CVE-2015-2339)

The vulnerability allows a remote user to execute arbitrary code on the hypervisor.

The vulnerability exists due to a boundary error in TPview.dll. A remote user on the guest OS can trigger memory corruption and execute arbitrary code on the host OS.


6) Buffer overflow (CVE-ID: CVE-2015-2340)

The vulnerability allows a remote user to execute arbitrary code on the hypervisor.

The vulnerability exists due to a boundary error in TPInt.dll. A remote user on the guest OS can trigger memory corruption and execute arbitrary code on the host OS.


7) Buffer overflow (CVE-ID: CVE-2015-2341)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when handling RPC calls. A remote user on the guest OS can perform a denial of service against a 32-bit guest OS or 64-bit host OS.


Remediation

Install update from vendor's website.

References