VMware Workstation and Player USB Service Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1023834
SecurityTracker URL: http://securitytracker.com/id/1023834
Date: Apr 9 2010
Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): Workstation 7.0, Player 3.0
A vulnerability was reported in VMware Workstation and Player. A local user can obtain elevated privileges on the target system.
A physically local user with access to a USB port can place a specially crafted executable on the target system to execute arbitrary code on the target guest operating system with elevated privileges.
Windows-based VMware Workstation and Player versions are affected.
Thierry Zoller reported this vulnerability.
A physically local user may be able to obtain elevated privileges on the target guest operating system.
The vendor has issued a fix (Workstation 7.0.1 build 227600, Player 3.0.1 build 227600).
The vendor's advisory will be available at:
Vendor URL: www.vmware.com/security/advisories/
Source Message Contents
Date: Fri, 09 Apr 2010 16:01:36 +0000
c. Windows-based VMware Workstation and Player host privilege
A vulnerability in the USB service allows for a privilege
escalation. A local attacker on the host of a Windows-based
Operating System where VMware Workstation or VMware Player
is installed could plant a malicious executable on the host and
elevate their privileges.
In order for an attacker to exploit the vulnerability, the attacker
would need to be able to plant their malicious executable in a
certain location on the host machine. On most recent versions of
Windows (XP, Vista) the attacker would need to have administrator
privileges to plant the malicious executable in the right location.
VMware would like to thank Thierry Zoller for reporting this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1140 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  ===========================
VirtualCenter  any       Windows   not affected
Workstation    7.0       Windows   7.0.1 build 227600 or later
Workstation    7.0       Linux     not affected
Workstation    6.5.x     any       not affected
Player         3.0       Windows   3.0.1 build 227600 or later
Player         3.0       Linux     not affected
Player         2.5.x     any       not affected
Ace            any       any       not affected
Server         2.x       any       not affected
Fusion         any       Mac OS/X  not affected
ESXi           any       ESXi      not affected
ESX            any       ESX       not affected