VMware has acknowledged some vulnerabilities in VMware Workstation, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

1) Various vulnerabilities are caused due to unspecified errors within certain ActiveX controls. These can be exploited to e.g. execute arbitrary code by tricking a user into visiting a malicious website.

2) An unspecified error related to "OpenProcess" can be exploited by malicious, local users on a host system to gain escalated privileges on the host system.

This vulnerability affects VMware Workstation 5.x for Windows only.

3) Some vulnerabilities in freetype can potentially be exploited by malicious people to compromise an application using the library.

For more information:
SA30600

4) A vulnerability in cairo can potentially be exploited by malicious people to compromise an application using the library.

For more information:
SA27880

This vulnerability affects VMware Workstation 6.x for Linux only.

5) An error in the emulation of "JMP" instructions to "non-canonical" 64-bit addresses can be exploited to run arbitrary code with escalated privileges inside a VMware guest.

Solution
VMware Workstation 5.x:
Further details available to Secunia VIM customers

Provided and/or discovered by
1) The vendor credits Julien Bachmann, Shennan Wang, Shinnai, and Michal Bucko
2) The vendor credits Sun Bing, McAfee
5) The vendor credits Derek Soeder.

Changelog
Further details available to Secunia VIM customers

Original Advisory
VMware:
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Derek Soeder:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers