VMware on Wednesday issued two security advisories, including one that fixes a critical memory corruption vulnerability that affects a wide range of the company’s products. The memory corruption vulnerability allows an attacker to send a malicious request from a guest operating system to the virtual hardware on a vulnerable machine, which could give the attacker the ability to write to uncontrolled physical memory, according to VMware’s advisory. The flaw affects ESX, ESX1, Fusion, ACE, Player, Workstation and VirtualCenter.
The second update VMware issued is a new version of the service console package bzip2. In vulnerable implementations, the flaw can cause applications to crash when they’re decompressing malformed archives. This problem affects several versions of ESX, the company said.