Late last week VMware delayed the release of Workstation 12.5 because of a bug it felt needed squashing before the code went live.
It turns out the desktop hypervisor doesn't have one: it has three. And all nasty.
Two derive from a dud installer. The first means "some DLL files [are] loaded by the application improperly."
"This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code."
The second installer mess comes about because it "contains an insecure executable loading vulnerability that may allow an attacker to execute an exe file placed in the same directory as installer."
"Successfully exploiting this issue may allow attackers to execute arbitrary code."
VMware has also 'fessed up to a problem that affects VMs running in Workstation that have virtual printing turned on. This flaw means "a Windows-based Virtual Machine to trigger a heap-based buffer overflow [and] may lead to arbitrary code execution in VMware Workstation running on Windows."
(Score: 2) by wonkey_monkey on Monday September 19 2016, @08:01AM
Danger-Junk
Who told you my nickname?
systemd is Roko's Basilisk