KLA10386
Multiple vulnerabilities in VMware
Updated: 02/15/2015
CVSS
?
10.0
Detect date
?
09/23/2010
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to cause denial of service, inject arbitrary scripts, execute arbitrary code and obtain sensitive information.
Below is a complete list of vulnerabilities

  1. Insecure file rendering can be exploited locally by overwriting index.htm;
  2. Buffer overflows, improper handling of compressed data and memory leaks can be exploited remotely via a specially designed PNG image;
  3. Improper request handling can be exploited via a specially designed request.
Affected products

VMware Workstation verisons 7.1.1 and earlier
VMware Player versions 3.1.1 and earlier
VMware ACE Management Server versions 2.7.1 and earlier

Solution

Update to latest version
VMWare Products

Original advisories

VMware bulletin

Impacts
?
CI 
[?]

ACE 
[?]

OSI 
[?]

DoS 
[?]
Related products
VMware Workstation
VMware Player
VMware ACE
CVE-IDS
?

CVE-2010-2249
CVE-2010-0205
CVE-2010-1205
CVE-2010-3277
CVE-2010-0434
CVE-2010-0425