VMWare ACE 2.x
VMWare Player 2.x
VMware Workstation 6.x
Cross site scripting
Some vulnerabilities have been reported in multiple VMware products, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.
1) Multiple vulnerabilities in libpng and Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
2) Two vulnerabilities in the VMnc codec (vmnc.dll) can be exploited to corrupt memory and potentially execute arbitrary code.
For more information:
The vulnerabilities are reported in the following products and versions:
* VMware Workstation 6.5.2 and earlier
* VMware Player 2.5.2 and earlier
* VMware ACE 2.5.2 and earlier