VMware Products Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 2 Sep 2008 4777 Views

RISK: Medium Risk

Medium Risk

VMware Server
1. Various vulnerabilities are caused due to unspecified errors within certain ActiveX controls. These can be exploited to e.g. execute arbitrary code by tricking a user into visiting a malicious website.

2. An unspecified error when processing malformed requests exists within the ISAPI Extension. This can be exploited to cause a DoS by sending specially crafted requests to a vulnerable system.

3. An unspecified error related to "OpenProcess" can be exploited by malicious, local users on a host system to gain escalated privileges on the host system.

4. Some vulnerabilities in freetype can potentially be exploited by malicious people to compromise an application using the library.

VMware Workstation
1. Various vulnerabilities are caused due to unspecified errors within certain ActiveX controls. These can be exploited to e.g. execute arbitrary code by tricking a user into visiting a malicious website.

2. An unspecified error related to "OpenProcess" can be exploited by malicious, local users on a host system to gain escalated privileges on the host system.

This vulnerability affects VMware Workstation 5.x for Windows only.

3. Some vulnerabilities in freetype can potentially be exploited by malicious people to compromise an application using the library.

4. A vulnerability in cairo can potentially be exploited by malicious people to compromise an application using the library.

This vulnerability affects VMware Workstation 6.x for Linux only.

VMware Player
1. Various vulnerabilities are caused due to unspecified errors within certain ActiveX controls. These can be exploited to e.g. execute arbitrary code by tricking a user into visiting a malicious website.

2. An unspecified error related to "OpenProcess" can be exploited by malicious, local users on a host system to gain escalated privileges on the host system.

This vulnerability affects VMware Player 1.x for Linux only.

3. Some vulnerabilities in freetype can potentially be exploited by malicious people to compromise an application using the library.

4. A vulnerability in cairo can potentially be exploited by malicious people to compromise an application using the library.

VMware ACE
1. Various vulnerabilities are caused due to unspecified errors within certain ActiveX controls. These can be exploited to e.g. execute arbitrary code by tricking a user into visiting a malicious website.

2. An unspecified error related to "OpenProcess" can be exploited by malicious, local users on a host system to gain escalated privileges on the host system.

This vulnerability affects VMware ACE 1.x for Windows only.

VMware Fusion
1. Some vulnerabilities in freetype can potentially be exploited by malicious people to compromise an application using the library.

2. A vulnerability in cairo can potentially be exploited by malicious people to compromise an application using the library.

System / Technologies affected

  • VMware Server 1.x
  • VMware Workstation 5.x and 6.x
  • VMware Player 1.x and 2.x
  • VMware ACE 1.x and ACE 2.x
  • VMware Fusion 1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • VMware Fusion 1.x
    There is no patch available for this vulnerability currently.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Novell eDirectory Multiple Vulnerabilities

2 Sep 2008 4809 Views

Next

Apple QuickTime Multiple Remote Code Execution Vulnerabilities

11 Sep 2008 4787 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY