KLA10383 ACE vulnerability in VMware

Detect date:

05/03/2012

Severity:

Critical

Description:

Multiple critical vulnerabilities have been found in VMware. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities

Affected products:

VMware Workstation versions 8.0.2, 7.1.5
VMware Player versions 4.0.2, 3.1.4
VMware Fusion 4.1.2
ESXi 5.0 without patch ESXi500-201205401-SG
ESXi 4.1 without patches ESXi410-201205401-SG, ESXi410-201110201-SG, ESXi410-201201401-SG
ESXi 4.0 without patches ESXi400-201105201-UG, ESXi400-201205401-SG
ESXi 3.5 without patch ESXe350-201205401-I-SG
ESX 4.1 without patches ESX410-201205401-SG, ESX410-201110201-SG, ESX410-201201401-SG
ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG
ESX 3.5 without patch ESX350-201205401-SG

Solution:

Update to latest version
Vmware Products

Original advisories:

VMware bulletin

Impacts:

ACE

Related products:

VMware Workstation

CVE-IDS:

CVE-2012-24499.0Critical
CVE-2012-24487.5Critical
CVE-2012-24509.0Critical
CVE-2012-15179.0Critical
CVE-2012-15169.0Critical