CVE-2010-4297

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 6.5.x through 6.5.4 VMware Workstation versions 7.x through 7.1.1 VMware Player versions 2.5.x through 2.5.4 VMware Player versions 3.1.x through 3.1.1 VMware Server version 2.0.2 VMware Fusion versions 2.x through 2.0.7 VMware Fusion versions 3.1.x through 3.1.1 VMware ESXi versions 3.5, 4.0, and 4.1 VMware ESX versions 3.0.3, 3.5, 4.0, and 4.1

Description The issue allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a command injection issue.

Recommendations For VMware Workstation versions 6.5.x through 6.5.4, update to version 6.5.5 build 328052 or later. For VMware Workstation versions 7.x through 7.1.1, update to version 7.1.2 build 301548 or later. For VMware Player versions 2.5.x through 2.5.4, update to version 2.5.5 build 328052 or later. For VMware Player versions 3.1.x through 3.1.1, update to version 3.1.2 build 301548 or later. For VMware Server version 2.0.2, update to a version that is not affected by this issue. For VMware Fusion versions 2.x through 2.0.7, update to version 2.0.8 build 328035 or later. For VMware Fusion versions 3.1.x through 3.1.1, update to version 3.1.2 build 332101 or later. For VMware ESXi versions 3.5, 4.0, and 4.1, and VMware ESX versions 3.0.3, 3.5, 4.0, and 4.1, update to a version that is not affected by this issue.