VMware ≫ Workstation

VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.

Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any ...

VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.

VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session.

VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."

VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.