Description
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.
Affected products
- VMware / ace2.5.2 – 2.5.2
- VMware / ace2.5.3 – 2.5.3
- VMware / ace2.5.0 – 2.5.0
- VMware / ace2.5.1 – 2.5.1
- VMware / esx2.5.5 – 2.5.5
- VMware / esx3.5 – 3.5
- VMware / esx4.0 – 4.0
- VMware / esx3.0.3 – 3.0.3
- VMware / ESXi3.5 – 3.5
- VMware / ESXi4.0 – 4.0
- VMware / Fusion2.0.5 – 2.0.5
- VMware / Fusion2.0.2 – 2.0.2
- VMware / Fusion2.0.3 – 2.0.3
- VMware / Fusion2.0.4 – 2.0.4
- VMware / Fusion3.0 – 3.0
- VMware / Fusion2.0 – 2.0
- VMware / Fusion2.0.1 – 2.0.1
- VMware / player2.5.3 – 2.5.3
- VMware / player2.5.2 – 2.5.2
- VMware / player2.5.1 – 2.5.1
- VMware / player2.5 – 2.5
- VMware / server2.0.2 – 2.0.2
- VMware / server2.0.0 – 2.0.0
- VMware / server2.0.1 – 2.0.1
- VMware / Workstation6.5.0 – 6.5.0
- VMware / Workstation6.5.3 – 6.5.3
- VMware / Workstation6.5.2 – 6.5.2
- VMware / Workstation6.5.1 – 6.5.1
References
- MISChttp://security.gentoo.org/glsa/glsa-201209-25.xml
- VENDOR_ADVISORYhttp://secunia.com/advisories/39206
- MAILING_LISThttp://lists.vmware.com/pipermail/security-announce/2010/000090.html
- MISChttp://www.securityfocus.com/bid/39394
- MISChttp://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
- MISChttp://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt
- MISChttp://www.securitytracker.com/id?1023833
- VENDOR_ADVISORYhttp://secunia.com/advisories/39198
- MISChttp://www.securitytracker.com/id?1023832
- VENDOR_ADVISORYhttp://www.vmware.com/security/advisories/VMSA-2010-0007.html
- MISChttp://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html