VMware has issued an update for a number of its more popular products, fixing several vulnerabilities. Some of the flaws could lead to arbitrary code execution.
The patches resolve security issues in the following VMware products: VMware Workstation 7.1.3 and earlier, VMware Player 3.1.3 and earlier, VMware Fusion 3.1.2 and earlier, and various versions of their ESXi product.
The United States Computer Emergency Readiness Team (US-CERT) posted the bulletin to their current activities Web page, warning that the exploitation of these vulnerabilities could lead to the execution of arbitrary code, cause denials-of-service, bypass security mechanisms, allow an attacker to operate with elevated privileges, or obtain sensitive data.
US-CERT advises that users and administrators read the entire advisory, VMSA-2011-0009, and apply any necessary updates.