CVE-2005-4459

Name of the Vulnerable Software and Affected Versions VMWare Workstation version 5.5 GSX Server version 3.2 ACE version 1.0.1 Player version 1.0

Description A heap-based buffer overflow issue exists in the NAT networking components vmnat.exe and vmnet-natd. This allows remote authenticated attackers, including guests, to execute arbitrary code via crafted FTP commands, specifically EPRT and PORT commands.

Recommendations For VMWare Workstation version 5.5, update to a version that includes the fix for this issue. For GSX Server version 3.2, update to a version that includes the fix for this issue. For ACE version 1.0.1, update to a version that includes the fix for this issue. For Player version 1.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the NAT networking components vmnat.exe and vmnet-natd to minimize the risk of exploitation.