Copied from http://secunia.com
shinnai has discovered a vulnerability in multiple VMware products,
which can be exploited by malicious people to cause a DoS (Denial of
The vulnerability is caused due to an error in the VMware Authorization
Service when processing login requests. This can be exploited to
terminate the "vmware-authd" process via "USER" or "PASS" strings
containing e.g. '\xFF' characters, sent to TCP port 912.
The vulnerability is confirmed in vmware-authd.exe version 126.96.36.19988
included in VMware Workstation 6.5.3 build 185404, and reported in
VMware Player 2.5.3 build 185404 and VMware ACE 2.5.3. Other versions
may also be affected.
The solution listed is to restrict the port to trusted users only.
My question however is this: Does having a valid support pack entitle you to a patch to permantenty solve this issue? Or has support been suspended altogether regardless of support packs or not?
Intel Smackover x58-chipset
Intel i7 965
Radeon HD4870 1GB VRAM (5870 version ordered)
Vista Bus. x64/Windows 7 Ulti x64
never heard that VMware release patches for Workstation , Player or ACE.
If this is a serious issue I would expect we see an updated 6.5.4 instead.
VMX-parameters- VMware-liveCD - VM-Sickbay