发布日期：2010-09-24
更新日期：2010-09-24

受影响系统：

VMWare Workstation 7.x
VMWare Player 3.x

描述：

---

CVE(CAN) ID: CVE-2010-3277

VMware Workstation 是一款功能强大的桌面虚拟计算机软件，提供用户可在单一的桌面上同时运行不同的操作系统，和进行开发、测试 、部署新的应用程序的最佳解决方案。VMware Player只是一个系统“播放器”，而不能用于创建虚拟系统。

VMware Workstation/VMware Player 安装程序会自动显示安装目录内的index.htm文件，攻击者可通过创建该文件触发恶意的Web脚本或HTML使其执行。

<*来源：vendor
  
  链接：http://secunia.com/advisories/41574
        http://www.vmware.com/security/advisories/VMSA-2010-0014.html
*>

建议：

---

厂商补丁：

VMWare
------
VMWare已经为此发布了一个安全公告（VMSA-2010-0014）以及相应补丁:

VMSA-2010-0014：VMware Workstation, Player, and ACE address several security issues.

链接：http://www.vmware.com/security/advisories/VMSA-2010-0014.html

补丁下载：

VMware Workstation 7.1.2
   ------------------------
www.vmware.com/download/ws/
   Release notes:
http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html

   Workstation for Windows 32-bit and 64-bit with VMware Tools  
   md5sum: 2e9715ec297dc3ca904ad2707d3e2614
   sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a

   Workstation for Windows 32-bit and 64-bit without VMware Tools        
   md5sum: 066929f59aef46f11f4d9fd6c6b36e4d
   sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3

   Workstation 6.5.5
   ----------------
www.vmware.com/download/ws/
   Release notes:
http://downloads.vmware.com/support/ws65/doc/releasenotes_ws655.html

   Workstation for Windows 32-bit and 64-bit  
   md5sum: 7bff9b621529efb0de808a45e7821274
   sha1sum: 41af7a9a78717cb85dd30b4d830e99fd5de49cc1

   Workstation for Linux 32-bit (rpm)        
   md5sum: 17c3f1a0e6ccf2b1e224a5d75c845a47
   sha1sum: 3027b4e2215fae84fa9311f8cd762fee17e89df0

   Workstation for Linux 32-bit (rpm)        
   md5sum: 17c3f1a0e6ccf2b1e224a5d75c845a47
   sha1sum: 3027b4e2215fae84fa9311f8cd762fee17e89df0

   Workstation for Linux 32-bit (bundle)        
   md5sum: 7c24811fb999204f144d8b9f50e9fcae
   sha1sum: 18a05e6f4f772b7f0563dbd17596b66d1db8e9fa

   Workstation for Linux 64-bit (rpm)        
   md5sum: c25c2535d8091c4d46701ed081347901
   sha1sum: f4356bc224ea9805dac2d4b677f88a2f4220353e

   Workstation for Linux 64-bit (bundle)        
   md5sum: 7012bdaf182d256672ff2eb24b00a40f
   sha1sum: 58ecb2a494d4c7cc663e2028cf76c13d458fecac

   VMware Player 3.1.2
   -------------------
www.vmware.com/download/player/
   Release notes:
downloads.vmware.com/support/player31/doc/releasenotes_player312.html

   VMware Player for Windows 32-bit and 64-bit        
   md5sum: 3f289cb33af5e425c92d8512fb22a7ba
   sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70

   VMware Player for Linux 32-bit        
   md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8
   sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749

   VMware Player for Linux 64-bit        
   md5sum: 2ab08e0d4050719845a64d334ca15bb1
   sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c

   VMware Player 2.5.5
   -------------------
http://www.vmware.com/download/player/
   Release notes:
https://www.vmware.com/support/player25/doc/releasenotes_player255.html

   VMware Player 2.5.5 for Windows 32-bit and 64-bit        
   md5sum: 780b2c4e2b1610dea3090b1cd81d5ad7
   sha1sum: f6c451a11a4fe66e5a465de960de1358e83b8314

   VMware Player 2.5.5 for Linux 32-bit (rpm)        
   md5sum: 9e13ee3904bd2377ffb8cfa66460fe92
   sha1sum: 2482acad19f6b23cf0c236d1ce87d4805b7b0e6c

   VMware Player 2.5.5 for Linux 32-bit (bundle)        
   md5sum: 46dcfe9343f688d60e249d9e9c3853a4
   sha1sum: abfdeaf2cac83c630662607e7b95439367376abf

   VMware Player 2.5.5 for Linux 64-bit (rpm)        
   md5sum: 52d6dcdeed9e564c8cfe8c35cec885f0
   sha1sum: dbaa6dac55f592b9c6b16d7505796a2580836f4b

   VMware Player 2.5.5 for Linux 64-bit (bundle)        
   md5sum: 6c9a677820010ccd20f829cb5d2c057b
   sha1sum: ff6eccba3125229e8adbc1cb96764c2f116d89c5

   VMware ACE Management Server 2.7.2
   ----------------------------------
downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7
   Release notes:
downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html

   ACE Management Server for Windows  
   md5sum: 02f0072b8e48a98ed914b633f070d550
   sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4

浏览次数：1720
严重程度：0（网友投票）