VMWare: Moderate Code Execution Threat Due to Serious Flaw

Virtual infrastructure software maker VMWare Inc. has rushed out fixes for a "very serious" security flaw that put users of its product line at risk of code execution attacks. The vulnerability, which affects both Windows and Linux systems, affects VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1 and the free VMware Player 1.0. All previous versions of these products are also affected.

VMWare, of Palo Alto, Calif., acknowledged the vulnerability in a published advisory and warned that it is possible for a malicious guest using a NAT networking configuration to execute unwanted code on the host machine.

The company rates the vulnerability as "very serious" and recommends that affected users apply the updates provided or change the configuration of the virtual machine so it does not use NAT networking.

The link for this article located at eWeek is no longer available.