Knowledge Base


A vulnerability might allow ESX/ESXi 4.0 and 4.1 hosts and vCenter Server 4.0 and 4.1 to direct vSphere Client to download and execute an arbitrary file from any URI (2075340)

Details

vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1209 to this issue.
 
For more information on relevant vSphere Client releases that are affected, see VMware Security Advisory VMSA-2014-0003.

Solution

To resolve this issue, go to the VMware Download Page and download the latest vSphere Client.

Update History

04/23/2014 - Added under Details: Refer to VMware Security Advisory VMSA-2014-0003 for more details on relevant vSphere Client releases that are affected.
