The host is installed with VMWare product(s) that are vulnerable to multiple buffer overflow.

Successful exploitation allow attackers to execute arbitrary code on the affected system and local user can obtain elevated privileges on the target system. Successful exploitation requires that the vix.inGuest.enable configuration value is enabled. Impact Level : System

Upgrade VMware Product(s) to below version, VMware Player 1.0.7 build 91707 or 2.0.4 build 93057 or later www.vmware.com/download/player/ VMware Server 1.0.6 build 91891 or later www.vmware.com/download/server/ VMware Workstation 5.5.7 build 91707 or 6.0.4 build 93057 or later www.vmware.com/download/ws/ VMware ACE 2.0.4 build 93057 http://www.vmware.com/download/ace/

VMware VIX API (Application Program Interface) fails to adequately bounds check user supplied input before copying it to insufficient size buffer.

VMware Player 1.x - before 1.0.7 build 91707 on Windows VMware Player 2.x - before 2.0.4 build 93057 on Windows VMware Server 1.x - before 1.0.6 build 91891 on Windows VMware Workstation 5.x - before 5.5.7 build 91707 on Windows VMware Workstation 6.x - before 6.0.4 build 93057 on Windows VMware ACE 2.x - before 2.0.4 build 93057 on Windows

• http://secunia.com/advisories/30556
• http://www.vmware.com/security/advisories/VMSA-2008-0009.html

---

Updated on 2015-03-25