VMware closes holes in its virtualisation products
Virtualisation specialist VMware is warning customers of two security problems in its virtualisation solutions. According to the company, the vulnerabilities affect VMware Workstation, Player, Fusion, ESXi and ESX.
The first of these holes (CVE-2012-3288) is a memory corruption issue when loading Checkpoint files. To be exploited, an attacker must already be able to load a specially crafted Checkpoint in a virtual machine (VM) in order to execute arbitrary code on a host. The other issue (CVE-2012-3289) is a remote denial-of-service (DoS) vulnerability caused by manipulated traffic from a remote virtual device.
Further details, including links to patches are provided that correct these problems, can be found in the company's security advisory.
See also:
- VMware hosted products and ESXi and ESX patches address security issues, security advisory from VMware.
(crve)