Release Date: 2008-02-22
Critical: Moderately critical
Impact: Security Bypass, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: VMware ESX Server 2.x, VMware ESX Server 3.x ...
Solution: Apply patches...
VMware client products on Windows...
Last Updated: 2008-02-24 12:19:22 UTC
"... VMware vulnerability*... full scape from the guest virtual machine to the host is possible: "On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations." It has been rated as critical by VMware and it affects all VMware client products on Windows, that is:
- VMware Workstation 6.0.2 and earlier, AND 5.5.4 and earlier
- VMware Player 2.0.2 and earlier, AND 1.0.4 and earlier
- VMware ACE 2.0.2 and earlier, AND 1.0.2 and earlier..."
Last Modified Date: 02-22-2008
Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders...
Edited by apluswebmaster, 26 February 2008 - 08:43 AM.