VMWare multiple applications security vulnerabilities - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

VMWare multiple applications security vulnerabilities
Published: 02.09.2008
Source: BUGTRAQ
SecurityVulns ID: 9255
Type: remote
Level: 5/10
Description: Multiple ActiveX vulnerabilities, privilege escalation, ISAPI filters DoS, third party components updates.

Affected: VMWARE : VMware Workstation 5.5
VMWARE : VMware Player 1.0
VMWARE : VMware Server 1.0
VMWARE : VMware ACE 1.0
VMWARE : VMWare Workstation 6.0
VMWARE : VMware Player 2.0
VMWARE : VMWare ACE 2.0
VMWARE : VMware ESX 3.0
CVE: CVE-2008-3698
CVE-2008-3697
CVE-2008-3696
CVE-2008-3695
CVE-2008-3694
CVE-2008-3693
CVE-2008-3692
CVE-2008-3691
CVE-2008-2101
CVE-2008-1808
CVE-2008-1807
CVE-2008-1806
CVE-2008-1447
CVE-2007-5503
CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in EMC VMware Player might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.)
CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.)

Original document VMWARE, VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (02.09.2008)

Discuss: Read or add your comments to this news (0 comments)