U-128: VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges

March 19, 2012 - 7:00am

PROBLEM:

VMware ESX/ESXi Buffer Overflow and Null Pointer Dereference Lets Local Users Gain Elevated Privileges

PLATFORM:

ESX 4.0, 4.1; ESXi 4.0, 4.1, 5.0

ABSTRACT:

A vulnerability was reported in VMware ESX. A local user can obtain elevated privileges on the target system.

REFERENCE LINKS:

Secunia Advisory SA48378
SecurityTracker Alert ID: 1026818
CVE-2010-0405

IMPACT ASSESSMENT:

Medium

Discussion:

A local user on a guest operating system can trigger a buffer overflow or null pointer dereference in the display drivers to execute arbitrary code on the target system with elevated privileges. A null pointer dereference in XPDM may occur [CVE-2012-1508]. A buffer overflow in WDDM may occur [CVE-2012-1510].

Impact:

A local user on the guest operating system can obtain elevated privileges on the target system.

Solution:

The vendor has issued a fix.
