Select Page

There’s a serious vulnerability that’s been found in Vmware that can make malware “leap” out of Vmware into your host system.

Since Vmware is used heavily in malware research, this is an obvious danger.

From Vmware’s KB:

A vulnerability has been discovered in vmnat.exe on Windows hosts and vmnet-natd on Linux systems. The vulnerability in this component affects VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1, VMware Player 1.0, and previous releases of these products. The vulnerability makes it possible for a malicious guest using a NAT networking configuration to execute unwanted code on the host machine.

VMware believes that the vulnerability is very serious and recommends that affected users update their products to the new releases available at or change the configuration of the virtual machine so it does not use NAT networking.

Link here.  More at SecurityFocus.

I just spoke with Vmware Support (Rahul was very helpful), and patches are only available for versions VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1, VMware Player 1.0.  Apparently, all versions prior to these will need to address the problem by turning off NAT networking.  

If you have any confusions or doubts, I would recommend contacting Vmware support.

Also, a tip: If you own an older version like 4.5, it’s likely considerably cheaper just to buy a Silver support contract than to pay the upgrade price.  You get free upgrades with a Vmware support contract vs. just buying an upgrade.  Check with Vmware to see if it makes sense.


Alex Eckelberry
(Hat tip to Full Disclosure, Eric and Adam)