If you are running VMware on a Windows host configured with host-to-guest shared folders, it is possible for a program running in the guest to gain access to the host’s complete file system and create or modify executable files in sensitive locations.
A vulnerability exists in VMware’s shared folders mechanism that grants users of a Guest system read and write access to any portion of the Host’s file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it.
Affected versions include:
- VMware Workstation 6.0.2 and earlier
- VMware Workstation 5.5.4 and earlier
- VMware Player 2.0.2 and earlier
- VMware Player 1.0.4 and earlier
- VMware ACE 2.0.2 and earlier
- VMware ACE 1.0.2 and earlier
- VMware Server is not affected because it does not use shared folders.
- No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability. Because ESX Server is based on a bare-metal hypervisor architecture, not a hosted architecture, it does not include any shared folder abilities.
- VMware Fusion and Linux-hosted VMware products are unaffected.
Workaround
- From the VMware product’s menu, choose Edit > Preferences.
- In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.
- From the VMware product’s menu, choose VM > Settings.
- In the Options tab, select Shared Folders and Disable.
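To confirm the workaround across many virtual machines, the following added example (not part of the advisory and not VMware code) reports shared folders that a .vmx configuration still leaves enabled. The key names `sharedFolderN.enabled`, `sharedFolderN.hostPath`, `sharedFolderN.writeAccess` and `isolation.tools.hgfs.disable` are assumptions about the .vmx format that the advisory does not state, and the sample configuration is constructed.

```python
import re
import sys

# Constructed sample .vmx content for the demonstration (not from the advisory).
SAMPLE_VMX = r'''
displayName = "build-guest"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\share"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "C:\old"
'''

# Assumed .vmx syntax: one key = "value" pair per line, keys case-insensitive.
PAIR = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
ENABLED = re.compile(r"sharedfolder(\d+)\.enabled")

def parse_vmx(text):
    """Return a dict of lower-cased keys to values; other lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = PAIR.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def is_true(cfg, key):
    return cfg.get(key, "FALSE").strip().upper() == "TRUE"

def enabled_shared_folders(text):
    """List the shared folders this VM configuration leaves enabled."""
    cfg = parse_vmx(text)
    # Assumed key: disables the shared-folder (HGFS) channel for the whole VM.
    if is_true(cfg, "isolation.tools.hgfs.disable"):
        return []
    hits = []
    for key in cfg:
        m = ENABLED.fullmatch(key)
        if m and is_true(cfg, key):
            n = m.group(1)
            hits.append({"index": int(n),
                         "hostPath": cfg.get(f"sharedfolder{n}.hostpath", ""),
                         "writable": is_true(cfg, f"sharedfolder{n}.writeaccess")})
    return sorted(hits, key=lambda h: h["index"])

if __name__ == "__main__":
    # With no arguments, audit the constructed sample; otherwise audit the given .vmx files.
    for path in sys.argv[1:] or [None]:
        text = SAMPLE_VMX if path is None else open(path, errors="replace").read()
        for hit in enabled_shared_folders(text):
            print(path or "<sample>", hit)
```

An empty result for every .vmx file on the host means no virtual machine still has a shared folder enabled.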