Rated Level:
Impact: DoS, Exposure Of Sensitive Information, Privilege, System Access, Remotely Exploitable
Affected Software: VMware ACE 2.x
VMware Fusion 2.x
VMware Player 2.x
VMware Player 3.x
VMware Workstation 6.x
VMware Workstation 7.x
Description: Some vulnerabilities have been reported in multiple VMware products, which can be exploited by malicious, local users to disclose sensitive information or gain escalated privileges, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a user's system.
1) Two errors in the VMware Tools package for Windows can be exploited to execute arbitrary code or potentially gain escalated privileges.
2) An error in the USB service can be exploited to gain escalated privileges on host systems by placing a malicious executable at a certain location on the host.
3) An error in libpng can be exploited to disclose uninitialised memory via a specially crafted image.
4) A boundary error and two integer truncation errors in the VMnc codec can be exploited to potentially execute arbitrary code.
5) An error in the VMware Authorization Service ("vmware-authd") can be exploited to cause a crash.
6) An error in the virtual networking stack can be exploited to disclose potentially sensitive information.
7) A format string error in "vmrun" can be exploited to potentially gain escalated privileges.
Note: 4) Alin Rad Pop, Secunia Research
The vendor also credits:
1) Jure Skofic and Mitja Kolsek of ACROS Security
2) Thierry Zoller
4) iDefense and Sebastien Renaud of Vupen
6) Johann MacDonagh
7) Thomas Toth-Steiner
Solution:
Update to the latest version.
Feedback: If you have additional information or corrections for this security advisory, please contact us at advisory(at)triviasecurity.org