VMware ACE 2.5.5 Release Notes
These release notes cover the following topics:
VMware ACE Version 2.5.5 | 2010/12/02 | Build 328052
Document Last Updated: 2010/12/01
Features from the prior releases of VMware ACE are described in the following release notes:
VMware ACE includes the known issues
listed in the Workstation 6.5.5 Release Notes.
The following issues are resolved in VMware ACE 2.5.5.
A buffer overflow condition in libpng is addressed that could
potentially lead to code execution with the privileges of the
application using libpng. Two potential denial of service issues
are also addressed in the update.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1205, CVE-2010-0205, and CVE-2010-2249 to these issues.
The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player on Windows hosts. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a stand alone package.
A function in the decoder frame decompression routine implicitly trusts a size value. An attacker can utilize this to miscalculate a destination pointer, leading to the corruption of a heap buffer, and could allow for execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video file on a system that has the vulnerable version of the VMnc codec installed.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4294 to this issue.
A vulnerability in the input validation of VMware Tools update allows for injection of commands. The issue could allow a user on the host to execute commands on the guest operating system with root privileges The issue can only be exploited if VMware Tools is not fully up-to-date. Windows-based virtual machines are not affected.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4297 to this issue.
Other Fixed Issues
The VMware Authorization Service service (Authd) consumes up to 100 percent of the CPU for several seconds at a time on some machines. Authd regularly checks performance counters to determine how much physical memory is in use. The implementation of this check has been changed in this release to make the processor impact negligible.
A virtual machine cannot open a virtual parallel (LPT) port that is connected to a physical port if the physical port's number exceeds the actual number of ports. For example, if the host has two parallel ports named LPT1 and LPT3, the virtual machine cannot open port LPT3. The following message appears in the log file when the virtual machine is powered on: [msg.parallel.badDriver] Cannot open VMparport driver for LPT<n>.
VMware ACE includes the resolved issues listed in the Workstation 6.5.5 Release Notes.
Top of Page