关键信息 Product/Component: VMware Notification Id: 23446 Last Updated: 27 May 2014 Initial Publication Date: 27 May 2014 Status: CLOSED Severity: HIGH Affected CVE: CVE-2014-3793 VMWare Security Advisory ID: VMSA-2014-0005 Subject: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation Summary Vulnerability: Privilege escalation in VMware Tools affecting Windows 8.1. Affected Products: - VMware Workstation 10.x prior to version 10.0.2 - VMware Player 6.x prior to version 6.0.2 - VMware Fusion 6.x prior to version 6.0.3 - ESXi 5.5, 5.1, 5.0 without specific patches Problem Description Issue: Kernel NULL dereference vulnerability in VMware Tools on Windows 8.1. Impact: Escalation of privilege in the guest operating system. CVE: CVE-2014-3793 Solution Patch Files: - Workstation 10.x: Link - Player 6.x: Link - Fusion 6.x: Link - ESXi 5.5: File and SHA Sums - ESXi 5.1: File and SHA Sums - ESXi 5.0: File and SHA Sums References CVE-2014-3793