
VMware ACE 2.5.5 Release Notes

VMware ACE Version 2.5.5 | 2010/12/02 | Build 328052

Document Last Updated: 2010/12/01

These release notes cover the following topics: Prior Releases, Known Issues, and Resolved Issues.

Prior Releases

Features from the prior releases of VMware ACE are described in the following release notes:

Known Issues

VMware ACE includes the known issues listed in the Workstation 6.5.5 Release Notes.

Resolved Issues

The following issues are resolved in VMware ACE 2.5.5.

Security Fixes

  • A buffer overflow condition in libpng is addressed that could potentially lead to code execution with the privileges of the application using libpng. Two potential denial of service issues are also addressed in the update.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1205, CVE-2010-0205, and CVE-2010-2249 to these issues.

  • The VMware movie decoder contains the VMnc media codec that is required to play back movies recorded with VMware Workstation, VMware Player and VMware ACE, in any compatible media player on Windows hosts. The movie decoder is installed as part of VMware Workstation, VMware Player and VMware ACE, or can be downloaded as a standalone package.

    A function in the decoder frame decompression routine implicitly trusts a size value. An attacker can utilize this to miscalculate a destination pointer, leading to the corruption of a heap buffer, and could allow for execution of arbitrary code with the privileges of the user running an application utilizing the vulnerable codec. For an attack to be successful the user must be tricked into visiting a malicious web page or opening a malicious video file on a system that has the vulnerable version of the VMnc codec installed.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4294 to this issue.

  • A vulnerability in the input validation of VMware Tools update allows for injection of commands. The issue could allow a user on the host to execute commands on the guest operating system with root privileges. The issue can only be exploited if VMware Tools is not fully up-to-date. Windows-based virtual machines are not affected.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-4297 to this issue.
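
The size-trust flaw described for the VMnc decoder above comes down to validating every header-supplied value before it is used to compute a destination pointer. The following is an added example, not VMware's code: the record layout, `framebuf` and `decode_rect` are hypothetical and constructed for illustration, and they do not reflect the actual VMnc format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical frame record (constructed for this example, not the VMnc
 * format): x, y, w, h as big-endian uint16, then w*h bytes of 8-bit pixels. */
enum { RECT_HDR = 8 };

typedef struct {
    uint8_t *pix;            /* heap buffer of width * height bytes */
    uint32_t width, height;
} framebuf;

static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }

/* Returns the number of input bytes consumed, or 0 if the record is rejected.
 * An unchecked decoder would compute dst = pix + y*width + x and copy w*h
 * bytes using the header values as-is; each check below closes one way that
 * computation can leave the heap buffer or the input. */
size_t decode_rect(framebuf *fb, const uint8_t *in, size_t in_len)
{
    if (in_len < RECT_HDR)
        return 0;                            /* truncated header */
    uint32_t x = be16(in), y = be16(in + 2);
    uint32_t w = be16(in + 4), h = be16(in + 6);

    /* Subtraction form: no wraparound, unlike testing x + w <= width. */
    if (x > fb->width || w > fb->width - x)
        return 0;                            /* rectangle passes right edge */
    if (y > fb->height || h > fb->height - y)
        return 0;                            /* rectangle passes bottom edge */

    size_t need = (size_t)w * h;             /* at most 65535*65535, fits 32 bits */
    if (need > in_len - RECT_HDR)
        return 0;                            /* header claims more data than sent */

    const uint8_t *src = in + RECT_HDR;
    for (uint32_t row = 0; row < h; row++) {
        uint8_t *dst = fb->pix + (size_t)(y + row) * fb->width + x;
        memcpy(dst, src, w);                 /* dst and w are proven in range */
        src += w;
    }
    return RECT_HDR + need;
}
```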

Other Fixed Issues

  • The VMware Authorization Service (Authd) consumes up to 100 percent of the CPU for several seconds at a time on some machines. Authd regularly checks performance counters to determine how much physical memory is in use. The implementation of this check has been changed in this release to make the processor impact negligible.
  • A virtual machine cannot open a virtual parallel (LPT) port that is connected to a physical port if the physical port's number exceeds the actual number of ports. For example, if the host has two parallel ports named LPT1 and LPT3, the virtual machine cannot open port LPT3. The following message appears in the log file when the virtual machine is powered on: [msg.parallel.badDriver] Cannot open VMparport driver for LPT<n>.

VMware ACE includes the resolved issues listed in the Workstation 6.5.5 Release Notes.
