CVE-2014-3793: Null Pointer Dereference
First published: Sat May 31 2014(Updated: )
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Fusion Pro | =6.0 | |
| VMware Fusion Pro | =6.0.1 | |
| VMware Fusion Pro | =6.0.2 | |
| VMware Player | =6.0 | |
| VMware Player | =6.0.1 | |
| VMware Workstation | =10.0 | |
| VMware Workstation | =10.0.1 | |
| VMware ESXi | =5.0 | |
| VMware ESXi | =5.0-1 | |
| VMware ESXi | =5.0-2 | |
| VMware ESXi | =5.1 | |
| VMware ESXi | =5.1-1 | |
| VMware ESXi | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html
- http://secunia.com/advisories/58894
- http://www.securityfocus.com/archive/1/532236/100/0/threaded
- http://www.securitytracker.com/id/1030310
- http://www.securitytracker.com/id/1030311
- http://www.vmware.com/security/advisories/VMSA-2014-0005.html
Frequently Asked Questions
What is the severity of CVE-2014-3793?
CVE-2014-3793 has a critical severity rating due to its potential to allow guest OS users to gain elevated privileges or cause a denial of service.
How do I fix CVE-2014-3793?
To fix CVE-2014-3793, update to VMware Tools version 10.0.2 or later for VMware Workstation, version 6.0.2 or later for VMware Player, version 6.0.3 or later for VMware Fusion, and ensure ESXi is updated beyond version 5.5.
What products are affected by CVE-2014-3793?
CVE-2014-3793 affects VMware Workstation 10.x, VMware Player 6.x, VMware Fusion 6.x, and VMware ESXi 5.0 to 5.5 when a Windows 8.1 guest OS is used.
Can CVE-2014-3793 lead to data loss?
Yes, CVE-2014-3793 can potentially lead to data loss as it may allow unauthorized access to guest OS privileges, enabling malicious actions.
Is CVE-2014-3793 a local or remote vulnerability?
CVE-2014-3793 is considered a local vulnerability as it requires an authenticated user within the guest OS to exploit it.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware fusion pro
- version/vmware fusion pro/6.0
- version/vmware fusion pro/6.0.1
- version/vmware fusion pro/6.0.2
- canonical/vmware player
- version/vmware player/6.0
- version/vmware player/6.0.1
- canonical/vmware workstation
- version/vmware workstation/10.0
- version/vmware workstation/10.0.1
- canonical/vmware esxi
- version/vmware esxi/5.0
- version/vmware esxi/5.0-1
- version/vmware esxi/5.0-2
- version/vmware esxi/5.1
- version/vmware esxi/5.1-1
- version/vmware esxi/5.5