Two vulnerabilities have been reported in multiple VMware products, which can be exploited by malicious, local users to potentially gain escalated privileges, and by malicious people to compromise a vulnerable system.

1) An error related to the unsafe loading of libraries exists in the VMware Tools package for Windows. This can be exploited to execute arbitrary code on a guest system by tricking a user into clicking a file placed on a network share.

2) An error in the VMware Tools package for Windows can be exploited to potentially gain escalated privileges by placing a malicious executable in a certain location inside a guest operating system.

NOTE: This vulnerability cannot be exploited without administrative privileges on recent Windows versions (e.g. Windows XP and Windows Vista).

The vulnerabilities are reported in the following products and versions:
* VMware ESXi versions 3.5 and 4.0
* VMware ESX Server versions 2.5.5, 3.0.3, 3.5, and 4.0
* VMware Server 2.x

Solution
Apply patches and update VMware Tools in guest operating systems. Please see the vendor's advisory for more information.

Provided and/or discovered by
1) Jure Skofic and Mitja Kolsek of ACROS Security
2) Mitja Kolsek of ACROS Security

Changelog
Further details available in Customer Area

Original Advisory
VMSA-2010-0007:
http://lists.vmware.com/pipermail/security-announce/2010/000090.html

ACROS Security:
http://www.acrossecurity.com/aspr/ASPR-2010-04-12-1-PUB.txt
http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt

Deep Links
Links available in Customer Area