VMware Products Multiple Vulnerabilities

Multiple vulnerabilities have been identified in various VMware products, which could be exploited by attackers to disclose sensitive information, cause a denial of service, or compromise an affected system.

1.Two errors in the VMware Tools package for Windows can be exploited to execute arbitrary code or potentially gain escalated privileges.

2. An error in the USB service can be exploited to gain escalated privileges on host systems by placing a malicious executable at a certain location on the host.

NOTE: This vulnerability cannot be exploited without administrative privileges on recent Windows versions (e.g. Windows XP and Windows Vista).

3. An error in libpng can be exploited to disclose uninitialised memory via a specially crafted image.

4. A boundary error and two integer truncation errors in the VMnc codec can be exploited to potentially execute arbitrary code.

5. An error in the VMware Authorization Service ("vmware-authd") can be exploited to cause a crash.

6. An error in the virtual networking stack can be exploited to disclose potentially sensitive information.

7. A format string error in "vmrun" can be exploited to potentially gain escalated privileges.

8. A format string error in the VMware Remote Console (VMrc) plugin and can be exploited to potentially corrupt memory via a specially crafted web page.

Successful exploitation may allow execution of arbitrary code.