VMware

 

VMware Player 3.1.6 Release Notes

VMware Player Version 3.1.6 | 13 JUNE 2012 | Build 744570

Last Document Update: 13 JUNE 2012

Check frequently for additions and updates to these release notes.

These release notes cover the following topics:

What's New

VMware Player 3.1.6 is a maintenance release that resolves some security issues.

Prior Releases of VMware Player

Known problems from prior releases of VMware Player are described in the release notes for each release. To view release notes for the prior release of VMware Player, see the following documents:

Resolved Issues

The following issues are resolved in VMware Player 3.1.6.

  • VMware Tools incorrect folder permissions privilege escalation
    The access control list of the VMware Tools folder was incorrectly set. Exploitation of this issue could have led to local privilege escalation on Windows-based guest operating systems.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1518 to this issue.
  • VMware host memory overwrite vulnerability (data pointers)
    Due to a flaw in the handler function for RPC commands, it was possible to manipulate data pointers within the VMX process. This vulnerability could have allowed a guest user to crash the VMX process or potentially execute code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1516 to this issue.
  • VMware host memory overwrite vulnerability (function pointers)
    Due to a flaw in the handler function for RPC commands, it was possible to manipulate function pointers within the VMX process. This vulnerability could have allowed a guest user to crash the VMX process or potentially execute code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1517 to this issue.
  • VMware floppy device out-of-bounds memory write
    Due to a flaw in the virtual floppy configuration it was possible to perform an out-of-bounds memory write. This vulnerability could have allowed a guest user to crash the VMX process or to potentially execute code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2449 to this issue.
  • VMware SCSI device unchecked memory write
    Due to a flaw in the SCSI device registration it was possible to perform an unchecked write into memory. This vulnerability could have allowed a guest user to crash the VMX process or to potentially execute code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2450 to this issue.
  • VMware host Checkpoint file memory corruption
    Input data is not properly validated when loading Checkpoint files. This could have allowed an attacker with the ability to load a specially crafted Checkpoint file to execute arbitrary code on the host.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-3288 to this issue.

VMware Security Advisory VMSA-2012-0009 and VMware Security Advisory VMSA-2012-0011 document workarounds and mitigation for these resolved issues.

Top of Page

Known Issues

Known issues from prior releases of VMware Player 3 also might apply to VMware Player 3.1.6.

Top of Page