SB2017112002 - Multiple vulnerabilities in VMware products




Published: November 20, 2017

Security Bulletin ID: SB2017112002
Severity: Low
Patch available: YES
Number of vulnerabilities: 6
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 6 security vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2017-4934)

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The weakness exists due to a heap-based buffer overflow in the VMNAT device. An adjacent attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

2) Out-of-bounds write (CVE-ID: CVE-2017-4935)

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of-bounds memory write error in the JPEG2000 parser in TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

3) Out-of-bounds read (CVE-ID: CVE-2017-4936)

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds memory read error in the JPEG2000 parser in TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash.

4) Out-of-bounds read (CVE-ID: CVE-2017-4937)

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds memory read error in the JPEG2000 parser in TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash.

5) Null pointer dereference (CVE-ID: CVE-2017-4938)

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to a guest RPC NULL pointer dereference. An adjacent attacker can cause the application to crash.

6) Insecure DLL loading (CVE-ID: CVE-2017-4939)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to an insecure .dll loading mechanism when opening files. A local attacker can place a file along with a specially crafted .dll file on a remote SMB or WebDAV share and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


Remediation

Install the update from the vendor's website.