Release date: 2012-03-16
Updated on: 2012-03-19
Affected Systems:
VMWare ESX Server 4.x
VMWare ESXi 5.x
VMWare ESXi 4.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2010-0405, CVE-2012-1508, CVE-2012-1510
VMware ESX Server is an enterprise-level virtual computer software for any system environment.
VMware ESX Server and VMware ESXi have multiple vulnerabilities in implementation, which can be exploited by malicious users to escalate permissions, cause access denial, and control user systems.
1) The WDDM display driver may be exploited to cause buffer overflow.
2) The XPDM display driver has a null pointer reference error.
3) the application is bound to the affected version bzip2.
<* Source: Tarjei Mandt
Link: http://secunia.com/advisories/48378/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
VMWare
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.vmware.com/security/