13 Apr 2012
VMware Fusion 4.x
This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.
This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.
A security issue has been reported in multiple VMware products, which can be exploited by malicious, local users to gain escalated privileges.
The security issue is caused due to the application setting insecure permissions on the VMware Tools folder and can be exploited to gain escalated privileges on Windows-based guest operating systems.
Please see the vendor's advisory for a list of affected products and versions.
Update to a fixed version (please see the vendor's advisory for details).
The vendor credits Tavis Ormandy.