Immunity, Inc.
Name wp_vmware_tools
CVE CVE-2012-1518
Exploit Pack White_Phosphorus
DescriptionVMware Tools Incorrect Folder Permissions Privilege Escalation
NotesCVE Name: CVE-2012-1518
VENDOR: VMWare
Notes:
VMware Tools Incorrect Folder Permissions Privilege Escalation
Affects VMWare tools installed by

Workstation 8.0.1 and earlier
Workstation 7.1.5 and earlier
Player 4.0.1 and earlier
Player 3.1.5 and earlier
Fusion 4.1.1 and earlier
ESXi 5.0 without patch ESXi500-201203102-SG
ESXi 4.1 without patch ESXi410-201201402-BG
ESXi 4.0 without patch ESXi400-201203402-BG
ESXi 3.5 without patch ESXe350-201203402-T-BG
ESX 4.1 without patch ESX410-201201401-SG
ESX 4.0 without patch ESX400-201203401-SG
ESX 3.5 without patch ESX350-201203402-BG

This module works by setting the VMWare tools log file to write a .bat file to the All Users startup folder.

Sucessfully testing on Windows XP, Vista, Windows 7

Even if the hosting hypervisor has been patched, a Virtual Machine will still be vulnerable untill the new version of VMWare tools is installed.

VersionsAffected:
Repeatability: Unlimited
References: http://www.vmware.com/security/advisories/VMSA-2012-0007.html
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1518
Date public: 2012-04-12

Learn more about the CANVAS Exploit Pack here: White_Phosphorus