Info

Disclosure

Mar 15, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Mar 15, 2012

Description

VMware View is prone to an overflow condition. The program fails to properly sanitize user-supplied input related to the XPDM display driver resulting in a buffer overflow. A remote attacker can potentially execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified

Solution

Upgrade to version 4.6.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

VMware, Inc.	VMware View	4.0
		4.6

References

Security Tracker: 1026814
CVE ID: 2012-1509 (see also: NVD)
Secunia Advisory ID: 48379
Bugtraq ID: 52524
ISS X-Force ID: 74096
Related OSVDB ID: 80115 80117 80118
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html
Vendor Specific Advisory URL: http://www.vmware.com/security/advisories/VMSA-2012-0004.html
Vendor Specific News/Changelog Entry: http://www.vmware.com/security/advisories/VMSA-2012-0005.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/80116

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

VMware, Inc.

VMware View

References

Credit