VMware Products Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in various VMware products, which could be exploited by attackers to disclose sensitive information, cause a denial of service, or compromise an affected system.
1.Two errors in the VMware Tools package for Windows can be exploited to execute arbitrary code or potentially gain escalated privileges.
2. An error in the USB service can be exploited to gain escalated privileges on host systems by placing a malicious executable at a certain location on the host.
NOTE: This vulnerability cannot be exploited without administrative privileges on recent Windows versions (e.g. Windows XP and Windows Vista).
3. An error in libpng can be exploited to disclose uninitialised memory via a specially crafted image.
4. A boundary error and two integer truncation errors in the VMnc codec can be exploited to potentially execute arbitrary code.
5. An error in the VMware Authorization Service ("vmware-authd") can be exploited to cause a crash.
6. An error in the virtual networking stack can be exploited to disclose potentially sensitive information.
7. A format string error in "vmrun" can be exploited to potentially gain escalated privileges.
8. A format string error in the VMware Remote Console (VMrc) plugin and can be exploited to potentially corrupt memory via a specially crafted web page.
Successful exploitation may allow execution of arbitrary code.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- VMware ACE 2.x
- VMware Fusion 2.x
- VMware Player 2.x
- VMware Player 3.x
- VMware Workstation 6.x
- VMware Workstation 7.x
- VMware Server 2.x
- VMware Remote Console 2.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Update to the latest version of VMware Products
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
Vulnerability Identifier
- CVE-2009-1564
- CVE-2009-1565
- CVE-2009-2042
- CVE-2009-3707
- CVE-2010-1138
- CVE-2010-1139
- CVE-2010-1140
- CVE-2010-1141
- CVE-2010-1142
- CVE-2009-3732
Source
Share with