VMware patches buffer overflow in legacy products
Virtualisation specialist VMware has warned of a vulnerability (CVE-2011-3868) that could allow attackers to execute arbitrary code. The vulnerability lies in the way UDF filesystems are handled within VMware's Workstation, Player, and Fusion applications, and could be exploited by an attacker to execute code should a user install software from a specially crafted malicious ISO image. The problem was discovered by an anonymous person via the SecuriTeam Secure Disclosure program, and is believed to be present on all host operating systems.
VMware versions up to and including Workstation 7.1.4, Player 3.1.4, and Fusion 3.1.2 are affected; other products are not vulnerable. Updated releases of all three products have been made available, and should be downloaded by affected users. Further details are available in VMware's Security Advisory.
See also:
- VMware warns of vulnerability in its products, a report from The H.
(ehe)