Several critical security vulnerabilities have been addressed in the newest releases of VMware’s hosted product line. Relevant releases include VMware Workstation 6.0.3, VMware Player 2.0.3, VMware ACE 2.0.3, VMware Fusion 1.1.1 and earlier versions of the before-mentioned products.
Users of VMware hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x should note that although they are not vulnerable to these issues, they will reach their end of general support on 2008-11-09. Customers should plan to upgrade to the latest version of their respective products.
Some of the security issues:
- VMware HGFS File System Heap Overflow
- Windows based VMCI arbitrary code execution vulnerability
A full update on the VMware Security Advisories (VMSAs) can be found here.