C-Note-06-009: VMWare Vulnerability announced and fixed (12/22/05)

A vulnerability exists in a number of VMWare products (including Workstation, GSX, ACE, and player) that would allow an attacker to escape the virtual machine and execute code in the underlying host OS. This one is pretty significant for those who use VMWare for malware analysis or even to isolate/sandbox their web browsing. Users are urged to update to the latest build or disable NAT as soon as possible.

CIAC would like to thank SANS for this information. Please visit SAN's web site to download the document:

http://isc.sans.org/diary.php?storyid=950