a. VMware host memory overwrite vulnerability (data pointers)
Due to a flaw in the handler function for RPC commands, it is possible to manipulate data pointers within the VMX process. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
Workaround
Configure virtual machines to use less than 4 GB of memory. Virtual machines that have less than 4GB of memory are not affected.
OR
Disable VIX messages from each guest VM by editing the configuration file (.vmx) for the virtual machine as described in VMware Knowledge Base article 1714. Add the following line:
isolation.tools.vixMessage.disable = “TRUE”
Note: This workaround is not valid for Workstation 7.x and Fusion 3.x.
Mitigation
Do not allow untrusted users access to your virtual machines. Root or Administrator level permissions are not required to exploit this issue.
The Common Vulnerabilities and Exposures project ( cve.mitre.org) has assigned the name CVE-2012-1516 to this issue.
VMware would like to thank Derek Soeder of Ridgeway Internet Security, L.L.C. for reporting this issue to us.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.