Gentoo Linux Security Advisory 201209-25 - Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service.
69658d66093686eada54ad82e7c69c212f082445ebab3cf082f1e1fbc3b98de1
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple VMWare products. User interaction is required in that a user must visit a malicious web page or open a malicious video file. Upon installation VMWare Workstation, Server, Player, and ACE register vmnc.dll as a video codec driver to handle compression and decompression of the fourCC type 'VMnc'. This format is used primarily by Workstation to capture remote framebuffer recordings of sessions within a virtual machine. The resulting video is essentially a recorded session of VNC's RFB protocol. In VMWare's implementation the stream consists solely of FrameBufferUpdate messages (message type 0). However, if the message type of one of these blocks is changed to any value greater than 0x03 a size assumption is made which results in faulty math being applied to a pointer used later in a memcpy. This can be leveraged to execute arbitrary code on the host system under the context of the current user.
2283928ddf12b56cdf4fc05ebcfc0623e96e9ad910c43a1a18f92dd7f71ad86f
VMware Security Advisory - Updated VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues.
69d3c63671df094fb6e8d8612166baec58e5df05c421660a5e43b54c2f056969