CVE-2009-2267

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 6.5.x through 6.5.3 build 185404 VMware Player versions 2.5.x through 2.5.3 build 185404 VMware ACE versions 2.5.x through 2.5.3 build 185404 VMware Server versions 1.x through 1.0.10 build 203137 VMware Server versions 2.x through 2.0.2 build 203138 VMware Fusion versions 2.x through 2.0.6 build 196839 VMware ESXi versions 3.5 and 4.0 VMware ESX versions 2.5.5, 3.0.3, 3.5, and 4.0

Description The issue allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register when Virtual-8086 mode is used. This occurs because the exception code is not properly set upon a page fault exception.

Recommendations For VMware Workstation versions 6.5.x through 6.5.3 build 185404, update to build 185404 or later. For VMware Player versions 2.5.x through 2.5.3 build 185404, update to build 185404 or later. For VMware ACE versions 2.5.x through 2.5.3 build 185404, update to build 185404 or later. For VMware Server versions 1.x through 1.0.10 build 203137, update to build 203137 or later. For VMware Server versions 2.x through 2.0.2 build 203138, update to build 203138 or later. For VMware Fusion versions 2.x through 2.0.6 build 196839, update to build 196839 or later. For VMware ESXi versions 3.5 and 4.0, and VMware ESX versions 2.5.5, 3.0.3, 3.5, and 4.0, update to a version that includes the fix for this issue.