Vmware Tools vulnerabilities

CVE-2010-0205 [LOW] VMware Workstation, Player, and ACE address several security issues. VMSA-2010-0014: VMware Workstation, Player, and ACE address several security issues. a. VMware Workstation and Player installer security issue The Workstation 7.x and Player 3.x installers will load an index.htm file located in the current working directory on which Workstation 7.x or Player 3.x is being installed. This may allow an attacker to display a malicious file if they manage to get their file onto

CVE-2009-1564 [HIGH] VMware hosted products, vCenter Server and ESX patches resolve multiple security issues VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues a. Windows-based VMware Tools Unsafe Library Loading vulnerability A vulnerability in the way VMware libraries are referenced allows for arbitrary code execution in the context of the logged on user. This vulnerability is present only on Windows Guest Operating Systems. In order for an

CVE-2007-2052 [MEDIUM] VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the f

CVE-2009-2267 [MEDIUM] VMware hosted products and ESX patches resolve two security issues VMSA-2009-0015: VMware hosted products and ESX patches resolve two security issues a. Mishandled exception on page faults An improper setting of the exception code on page faults may allow for local privilege escalation on the guest operating system. This vulnerability does not affect the host system. VMware would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for reporting this

CVE-2008-1382 [MEDIUM] VMware Hosted products and ESX and ESXi patches resolve security issues VMSA-2009-0007: VMware Hosted products and ESX and ESXi patches resolve security issues a. VMware Descheduled Time Accounting driver vulnerability may cause a denial of service in Windows based virtual machines. The VMware Descheduled Time Accounting Service is an optional, experimental service that provides improved guest operating system accounting. This patch fixes a denial of service vulnerability

CVE-2008-4916 [MEDIUM] VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability VMSA-2009-0006: VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability a. Host code execution vulnerability from a guest operating system A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host. This issue is different from the vulnerability in a guest virtual device drive

CVE-2008-3761 [MEDIUM] VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues VMSA-2009-0005: VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues a. Denial of service guest to host vulnerability in a virtual device A vulnerability in a guest virtual device driver, could allow a guest operating system to crash the host and consequently any virtual machines on that host. VMware would like to thank Andrew Honig of

CVE-2008-4225 [MEDIUM] ESX patches address an issue loading corrupt virtual disks and update Service Console packages VMSA-2009-0001: ESX patches address an issue loading corrupt virtual disks and update Service Console packages a. Loading a corrupt delta disk may cause ESX to crash If the VMDK delta disk of a snapshot is corrupt, an ESX host might crash when the corrupted disk is loaded. VMDK delta files exist for virtual machines with one or more snapshots. This change ensures that a corrupt

CVE-2008-4281 [MEDIUM] VMware Hosted products and patches for ESX and ESXi resolve two security issues VMSA-2008-0018: VMware Hosted products and patches for ESX and ESXi resolve two security issues a. A privilege escalation on 32-bit and 64-bit guest operating systems VMware products emulate hardware functions and create the possibility to run guest operating systems. A flaw in the CPU hardware emulation might allow the virtual CPU to incorrectly handle the Trap flag. Exploitation of this flaw

CVE-2006-1721 [LOW] Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues VMSA-2008-0009: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve criti