Late last week VMware delayed the release of Workstation 12.5 because of a bug it felt needed squashing before the code went live.
It turns out the desktop hypervisor doesn't have one: it has three. And all nasty.
Two derive from a dud installer. The first means "some DLL files [are] loaded by the application improperly."
"This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code."
The second installer mess comes about because it "contains an insecure executable loading vulnerability that may allow an attacker to execute an exe file placed in the same directory as installer."
"Successfully exploiting this issue may allow attackers to execute arbitrary code."
VMware has also 'fessed up to a problem that affects VMs running in Workstation that have virtual printing turned on. This flaw means "a Windows-based Virtual Machine to trigger a heap-based buffer overflow [and] may lead to arbitrary code execution in VMware Workstation running on Windows."
(Score: 0) by Anonymous Coward on Monday September 19 2016, @04:49PM
Maybe, just maybe, you shouldn't have sacked the entire Workstation and Fusion development group?
https://soylentnews.org/article.pl?sid=16/01/30/0322245 [soylentnews.org]
Just a thought...
(Score: 2) by Hyperturtle on Monday September 19 2016, @11:45PM
I wonder when they will eliminate the flash requirement to manage vsphere? I switched to Xen and virtual box for localized/less enterprise provisioning because of it; adobe flash is such a burden that it has no place on a production network management tool suite. Maybe if you are making forced looping commercials in the marketing department, but not for server administration...
I really dont need the flashy graphics, I just want to manage the hardware.