Technical Description

Multiple vulnerabilities have been identified in various VMWare products, which could be exploited by remote attackers to bypass security restrictions or compromise a vulnerable system, or by local attackers to disclose sensitive information or gain elevated privileges.

The first issue is caused by an error in VMware CPU hardware emulation could allow the virtual CPU to jump to an incorrect memory address, leading to a privilege escalation on 64-bit guest operating systems.

The second weakness is caused due to user passwords containing special characters are displayed when logging into VirtualCenter Server 2.0 with Virtual Infrastructure Client 2.5, which could cause the dialog box displaying the password to appear in front or hidden behind other windows.

Other vulnerabilities exist in JRE. For additional information, see : VUPEN/ADV-2008-2056

Credits

Vulnerabilities reported by Derek Soeder and Mark Woollatt.

ChangeLog

2008-10-06 : Initial release

Vulnerability Management

Subscribe to VUPEN Security VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@vupen.com.