Reference: CERT-EU Security Advisory 2012-0042

Title: VMware View privilege escalation and cross-site scripting [1]

Version history:
19.03.2012 Initial publication

Summary
=======

a. VMware Virtual Desktop Display Driver Privilege Escalation.
Exploitation of these issues may lead to local privilege escalation on View virtual desktops.

b. View Manager Portal Cross-site Scripting.
The attacker can trigger this vulnerability by supplying a crafted URL to the victim and convincing them to click on the link.

CVE-2012-1508, CVE-2012-1509, CVE-2012-1510, CVE-2012-1511 [3]

Vulnerable systems
==================

Product version 4.6 running on Windows
Product version 4.0 running on Windows, no patch planned

Original Details
================

a. VMware Virtual Desktop Display Driver Privilege Escalation

The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on View virtual desktops. [1]

b. View Manager Portal Cross-site Scripting

A cross-site scripting vulnerability in View Manager Portal may allow a remote attacker to run scripts in the victim's browser. The attacker can trigger this vulnerability by supplying a crafted URL to the victim and convincing them to click on the link. [1]

What can you do?
================

Updates have been released [2]

What to tell your users?
========================

N/A

More information
================

[1] http://www.vmware.com/security/advisories/VMSA-2012-0004.html
[2] http://downloads.vmware.com/d/info/desktop_downloads/vmware_view/4_6
[3] Information about CVSS: http://www.first.org/cvss/cvss-guide.html

Best regards,

CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)