• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

VMWare Workstation Local Format String Vulnerability

A potential format string handling vulnerability is reported to exist in the VMWare workstation executable. It is reported that the affected executable does not correctly handle format specifier characters that are passed to the application as a command line argument. Although unconfirmed, under circumstances where the affected VMWare application is installed with setuid privileges, this failure to handle format strings may facilitate privilege escalation.