Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
Multiple VMWare products are affected by a remote arbitrary code execution vulnerability.Successful exploitation can allow an attacker to execute arbitrary code on the vulnerable computer hosting VMWare. This may result in a complete compromise.This issue affects VMWare Workstation, VMWare GSX Server, VMWare ACE, and VMWare Player.
The vendor has released upgrades to address this issue. Users should contact the vendor to obtain upgrades. Gentoo Linux has released security advisory GLSA 200601-04 addressing this issue. Gentoo recommends all VMware Workstation users should upgrade to a fixed version: # emerge --sync # emerge --ask --oneshot --verbose app-emulation/vmware-workstation
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.