VMware Workstation, Fusion and Horizon View Client updates (VMSA-2015-0004)

ITS Advisory Number: 
2015-064
Date(s) Issued: 
Wednesday, June 10, 2015
Subject: 
VMware Workstation, Fusion and Horizon View Client updates (VMSA-2015-0004)
Overview: 

Multiple vulnerabilities have been discovered within VMware Workstation, Fusion, Horizon View Client and Player that allows remote code execution and denial of services to the Windows OS that runs the applications. VMware Workstation enables users to set up one or more virtual machines (VMs) on a single physical machine, and use them simultaneously along with the actual machine. VMware Fusion allows Intel-based Macs to run operating systems such as Microsoft Windows, Linux, NetWare, or Solaris on virtual machines, along with their Mac OS X operating system. VMware Horizon View Client provides remote-desktop capabilities to users using VMware's virtualization technology. VMware Player can run existing virtual appliances and create its own virtual machines.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights

Systems Affected: 
  • VMware Workstation prior to version 11.1.1
  • VMware Workstation prior to version 10.0.6
  • VMware Player prior to version 7.1.1
  • VMware Player prior to version 6.0.6
  • VMware Fusion prior to version 7.0.1
  • VMware Fusion prior to version 6.0.6
  • VMware Horizon Client for Windows prior to version 3.4.0
  • VMware Horizon Client for Windows prior to version 3.2.1
  • VMware Horizon Client for Windows (with local mode) prior to version 5.4.1 
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

VMware Workstation and Horizon Client TPView.ddl and TPInt.dll incorrectly handle memory allocation. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon Client.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2012-0897 and CVE-2015-2336 (TPView.dll Code Execution), CVE-2015-2338 and CVE-2015-2339 (TPview.dll DoS), CVE-2015-2337 (TPInt.dll Code Execution), and CVE-2015-2340 (TPInt.dll DoS) to these issues.

VMware Workstation, Player, and Fusion contain an input validation issue on an RPC command. This issue may allow for a Denial of Service of the Guest Operating System (32-bit) or a Denial of Service of the Host Operating System (64-bit).

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-2341 to this issue.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights

Actions: 

We recommend the following actions be taken:

  • Apply the patches from VMware, as soon as one becomes available, after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.