VMware Multiple Vulnerabilities

Multiple vulnerabilities were released for what looks like most versions of VMware. VMware Workstation, Server, Player, and ESX Server contain two vulnerabilities. The first of these is an unspecified error in the “OpenProcess”. This can be exploited by local users to escalate their privilege. From some limited Google searches I found that “OpenProcess” is an API function that must be being used by VMware’s core application.

The next vulnerabilities isn’t actually a VMware vulnerability as it is a freetype font vulnerability. CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 describe vulnerabilities in the font that can lead to the exploitation of systems (applications) using them. The same is true in VMware, if an application is using these fonts, then it’s possible to compromise the system via exploitation of the vulnerable application.

There appears to be an updated build for all version except ESX, which has an update pending.

Leave a Reply