1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP VMWare IntraProcessingLog File Overwrite

HTTP VMWare IntraProcessingLog File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a file overwrite vulnerability in VMware IntraProcessLogging.DLL ActiveX control.

Additional Information

An ActiveX control installed with VMware is prone to a vulnerability that lets attackers overwrite arbitrary files. This issue occurs because the application fails to sanitize user-supplied input to the 'SetLogFileName' method in the 'IntraProcessLogging.dll' dynamic library.

The vulnerability resides in the ActiveX control with the following CLSID:AF13B07E-28A1-4CAC-9C9A-EC582E354A24..

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions; other consequences are possible.

This issue affects VMware 5.5.3.42958; other versions may also be affected.

Affected

  • VMWare ACE 1.0.3, 1.0.4, 2.0, 2.0.1
  • VMWare Player 1.0.4, 1.0.5, 2.0, 2.0.1
  • VMWare Server 1.0.3, 1.0.4
  • VMWare Workstation 4.5.2, 5.5.3 build 34685, 5.5.3 build 42958, 5.5.4, 5.5.4 build 44386, 5.5.5, 6.0, 6.0.1

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube