CVE-2010-1138

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 7.0 through 7.0.0 VMware Workstation version 6.5.x through 6.5.3 VMware Player versions 3.0 through 3.0.0 VMware Player version 2.5.x through 2.5.3 VMware ACE versions 2.6 through 2.6.0 and 2.5.x through 2.5.3 VMware Server version 2.x VMware Fusion versions 3.0 through 3.0.0 and 2.x through 2.0.6

Description The virtual networking stack allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.

Recommendations For VMware Workstation version 7.0, update to version 7.0.1 build 227600 or later. For VMware Workstation version 6.5.x, update to version 6.5.4 build 246459 or later. For VMware Player version 3.0, update to version 3.0.1 build 227600 or later. For VMware Player version 2.5.x, update to version 2.5.4 build 246459 or later. For VMware ACE versions 2.6 and 2.5.x, update to version 2.6.1 build 227600 or later and 2.5.4 build 246459 or later respectively. For VMware Server version 2.x, no specific fix is provided. For VMware Fusion versions 3.0 and 2.x, update to version 3.0.1 build 232708 or later and 2.0.7 build 246742 or later respectively.