HTTP VMWare Vielib CreateProcess ActiveX Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code-execution vulnerability through a method of the VMware Vielib ActiveX control.

Additional Information

VMware is virtualization software available for a variety of platforms.

An ActiveX control installed with VMware is prone to multiple remote code-execution vulnerabilities. These issues occur because the application fails to verify the origin of a call to the 'CreateProcess' and 'CreateProcessEx' methods in the 'vielib.dll' dynamic library. A remote attacker can use a hostile HTML page to execute arbitrary code.

These vulnerabilities reside in the ActiveX control with the following CLSID:
0F748FDE-0597-443C-8596-71854C5EA20A

An attacker can exploit these issues to execute hostile code on a victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to execute arbitrary code with the privileges of the affected user; other consequences are possible.

These issues affect VMware 6.0.0; other versions may also be affected.
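
As an added illustration (not Symantec's signature logic), the following Python sketch shows one way a content filter could flag HTML that loads the control by the CLSID above and calls the two named methods. The function names, verdict labels and sample pages are constructed for this example, and it only covers instantiation through an `<object>` tag.

```python
import re
from html.parser import HTMLParser

# CLSID and method names are taken from the advisory text above.
VIELIB_CLSID = "0f748fde-0597-443c-8596-71854c5ea20a"
METHOD_RE = r"\s*\.\s*(CreateProcess(?:Ex)?)\s*\("


class ObjectFinder(HTMLParser):
    """Records <object> tags whose classid names the Vielib control."""

    def __init__(self):
        super().__init__()
        self.loaded = False   # control referenced anywhere on the page
        self.ids = set()      # script-visible ids bound to the control

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        attr = {k: (v or "") for k, v in attrs}
        classid = attr.get("classid", "").lower().replace(" ", "")
        if classid.replace("clsid:", "").strip("{}") != VIELIB_CLSID:
            return
        self.loaded = True
        if attr.get("id"):
            self.ids.add(attr["id"])


def scan(html):
    """Return (verdict, calls); calls are (object id, method) pairs."""
    finder = ObjectFinder()
    finder.feed(html)
    calls = []
    for obj_id in sorted(finder.ids):
        pattern = re.compile(r"\b" + re.escape(obj_id) + METHOD_RE, re.I)
        calls += [(obj_id, m.group(1)) for m in pattern.finditer(html)]
    if calls:
        return "alert", calls
    return ("suspicious" if finder.loaded else "clean"), calls


# Constructed sample pages (method arguments deliberately omitted).
CLSID = "clsid:0F748FDE-0597-443C-8596-71854C5EA20A"
SAMPLE_CALL = f'<object classid="{CLSID}" id="vm"></object><script>vm.CreateProcessEx();</script>'
SAMPLE_LOAD = f'<OBJECT CLASSID="{CLSID}"></OBJECT>'
SAMPLE_OTHER = ('<object classid="clsid:00000000-0000-0000-0000-000000000000" id="vm">'
                '</object><script>vm.CreateProcess();</script>')

if __name__ == "__main__":
    for page in (SAMPLE_CALL, SAMPLE_LOAD, SAMPLE_OTHER):
        print(scan(page))
```

A page that only loads the control is reported as "suspicious" rather than "alert", since the advisory ties the issue to calls to those two methods.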

Affected

  • VMware ACE 1.0.3, 1.0.4, 2.0, 2.0.1
  • VMware Player 1.0.4, 1.0.5, 2.0, 2.0.1
  • VMware Server 1.0.3, 1.0.4
  • VMware Workstation 5.5.4, 5.5.5, 6.0, 6.0.1