1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




VMware Products Multiple Vulnerabilities

Report ID: SA200904405
Source: Secunia
Date of Discovery: 21.08.2009
Criticality: Urgent
Affects:
VMWare ACE 2.x
VMWare Player 2.x
VMware Workstation 6.x

Compromise From: From remote
Compromise Type: System access
Cross site scripting
DoS

Summary

Some vulnerabilities have been reported in multiple VMware products, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.

Detailed Description

1) Multiple vulnerabilities in libpng and Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

2) Two vulnerabilities in the VMnc codec (vmnc.dll) can be exploited to corrupt memory and potentially execute arbitrary code.

For more information:
SA34938

The vulnerabilities are reported in the following products and versions:
* VMware Workstation 6.5.2 and earlier
* VMware Player 2.5.2 and earlier
* VMware ACE 2.5.2 and earlier

Solution

-- VMware Workstation --

Update to version 6.5.3 build 185404 or later:
http://www.vmware.com/download/ws/

-- VMware Player --

Update to version 2.5.3 build 185404 or later:
http://www.vmware.com/download/player/

-- VMware ACE 2.5.3 --

Update to version 2.5.3 build 185404 or later:
http://www.vmware.com/download/ace/

Original Reference

`