VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability

Multiple VMware-hosted products are prone to an information-disclosure vulnerability.

An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks.

The following applications are vulnerable:

Workstation
Player
ACE
Server
Fusion

NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it.


 

Privacy Statement
Copyright 2010, SecurityFocus