Late last week VMware delayed the release of Workstation 12.5 because of a bug it felt needed squashing before the code went live.
It turns out the desktop hypervisor doesn't have one: it has three. And all nasty.
Two derive from a dud installer. The first means "some DLL files [are] loaded by the application improperly."
"This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code."
The second installer mess comes about because it "contains an insecure executable loading vulnerability that may allow an attacker to execute an exe file placed in the same directory as installer."
"Successfully exploiting this issue may allow attackers to execute arbitrary code."
VMware has also 'fessed up to a problem that affects VMs running in Workstation that have virtual printing turned on. This flaw means "a Windows-based Virtual Machine to trigger a heap-based buffer overflow [and] may lead to arbitrary code execution in VMware Workstation running on Windows."
(Score: 3, Informative) by Arik on Monday September 19 2016, @04:04AM
If laughter is the best medicine, who are the best doctors?
(Score: 2) by Jeremiah Cornelius on Monday September 19 2016, @02:11PM
HA HA!
Look at VMware, trying to build a package that covers-over a screen door on the Microsoft submarine!
You're betting on the pantomime horse...