CVE-2013-1662

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 8.x through 9.x VMware Player versions 4.x through 5.x

Description The issue allows host OS users to gain host OS privileges via a crafted lsb release binary in a directory in the PATH, related to the use of the popen library function. This is specifically relevant on systems based on Debian GNU/Linux.

Recommendations For VMware Workstation versions 8.x through 9.x, update to a version that includes a fix for this issue. For VMware Player versions 4.x through 5.x, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting the use of the popen library function or limiting access to the lsb release binary until a patch is available.