Release date: 2012-10-07
Updated on: 2012-10-09
Affected Systems:
VMWare Movie Decoder <9.0
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-4897
VMware Movie Decoder is a tool used to play movies through a media player in a vmwarevm.
Security Programs earlier than VMware Movie Decoder 9.0 have the suspicious search PATH Vulnerability, which allows local users to obtain permissions by installing Trojans in the directory.
<* Source: Mitja Kolsek
Link: http://www.vmware.com/security/advisories/VMSA-2012-0014.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
VMWare
------
VMWare has released a Security Bulletin (VMSA-2012-0014) and patches for this:
VMSA-2012-0014: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates
Link: http://www.vmware.com/security/advisories/VMSA-2012-0014.html