A vulnerability might allow ESX/ESXi 4.0 and 4.1 hosts, vCenter Server 4.0 and 4.1 to direct vSphere Client to download and execute an arbitrary file from any URI (2075340)
vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1209 to this issue.
For more information on relevant vSphere Client releases that are affected, see VMware Security Advisory VMSA-2014-0003.
To resolve this issue, go to the VMware Download Page and download the latest vSphere Client.