Some vulnerabilities have been reported in various VMware products, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), or gain escalated privileges.

1) An error exists in the CPU hardware emulation when handling the Trap flag. This can be exploited by a local user on a guest operating system to gain escalated privileges.

2) An unspecified error in the implementation of virtual machine hardware can be exploited to write to arbitrary physical memory on the host via a specially crafted request sent from a guest operating system.

3) An unspecified error in a guest virtual device driver can be exploited to crash the host system.

Please see vendor's advisories for a list of affected products and versions.

Solution
Update to the latest version or apply patches.
Further details available in Customer Area

Provided and/or discovered by
The vendor credits:
1) Derek Soeder
2, 3) Andrew Honig, Department of Defense

Changelog
Further details available in Customer Area

Original Advisory
VMSA-2008-0018:
http://lists.vmware.com/pipermail/security-announce/2008/000042.html

VMSA-2008-0019:
http://lists.vmware.com/pipermail/security-announce/2008/000046.html

VMSA-2009-0005:
http://lists.vmware.com/pipermail/security-announce/2009/000054.html

Derek Soeder:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065505.html

Deep Links
Links available in Customer Area