CVE-2012-2449

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 8.0.0 through 8.0.2 VMware Player versions 4.0.0 through 4.0.2 VMware Fusion versions 4.0.0 through 4.1.2 VMware ESXi versions 3.5 through 5.0 VMware ESX versions 3.5 through 4.1

Description The issue arises from the improper configuration of the virtual floppy device, allowing users with administrative privileges on the guest OS to potentially cause a denial of service or execute arbitrary code on the host OS. This can be achieved through an out-of-bounds write operation, which may result in the crash of the VMX process.

Recommendations For VMware Workstation versions 8.0.0 through 8.0.2, update to version 8.0.3 or later. For VMware Player versions 4.0.0 through 4.0.2, update to version 4.0.3 or later. For VMware Fusion versions 4.0.0 through 4.1.2, update to a version later than 4.1.2. For VMware ESXi versions 3.5 through 5.0, update to a version later than 5.0. For VMware ESX versions 3.5 through 4.1, update to a version later than 4.1.