Hello,

Before everyone clicks on that link, I suggest you first either install TOR or do so from a disposable virtual machine. Milw0rm is a great source for finding code that can be used to penetration test systems but it is also a hacker site so use at your own risk.

Update: This is against VMPlayer and VMware Workstation and old versions at that. I am not sure it applies to anything modern..... 2.5.1 of VMplayer and Workstation is pretty old.

One solution is to properly firewall port 912 so that it is not accessible from outside the host.


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll
Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

Hi,

Yes, VMware is aware of the issue and working on a fix. Turns out it was a typographical error in using one of our string safe functions. There is NO possibility of code execution.

--Ksl
Kirk Larsen
Product Security Officer
VMware Inc.

Edward,

VMware player version 2.5.1 is the player that comes with VMware Workstation 6.5.1, so he is right that it is a DOS against current products and not some old version.

--
Wil
_____________________________________________________
Visit the new VMware developers wiki at http://www.vi-toolkit.com

Hello Kirk,

Thank you for clearing this up!


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll
Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links