Two vulnerabilities have been identified in various VMware products, which could be exploited by attackers or malicious users to disclose sensitive information or gain elevated privileges. The first issue is caused due to an improper setting of the exception code on page faults on guest operating systems, which could allow malicious users to gain elevated privileges on a guest OS. The second vulnerability is caused by an unspecified input validation error, which could allow attackers with access to the network on which the host resides to download any file from the host system via directory traversal attacks

The following programs are vulnerable.