VMware Workstation 6.0.5 Build 109488

[KilJaden]

VMware Workstation is powerful desktop virtualization software for software developers/testers and enterprise IT professionals that runs multiple operating systems simultaneously on a single PC. Users can run Windows, Linux, NetWare, or Solaris x86 in fully networked, portable virtual machines - no rebooting or hard drive partitioning required. VMware Workstation delivers excellent performance and advanced features such as memory optimization and the ability to manage multi-tier configurations. Essential features such as virtual networking, live snapshots, drag and drop and shared folders, and PXE support make VMware Workstation the most powerful and indispensable tool for enterprise IT developers and system administrators.

With millions of customers and dozens of major product awards over the last six years, VMware Workstation is a proven technology that improves productivity and flexibility. An indispensable tool for software developers and IT professionals worldwide.

VMware Workstation works by enabling multiple operating systems and their applications to run concurrently on a single physical machine. These operating systems and applications are isolated in secure virtual machines that co-exist on a single piece of hardware. The VMware virtualization layer maps the physical hardware resources to the virtual machine's resources, so each virtual machine has its own CPU, memory, disks, I/O devices, etc. Virtual machines are the full equivalent of a standard x86 machine.

Homepage

Download VMware Workstation 6.0.5 Build 109488 for Windows

[KilJaden]

Changes

Workstation 6.0.5 addresses the following security issues:

Setting ActiveX killbit

Starting from this release, VMware has set the killbit on its ActiveX controls. Setting the killbit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the KB article 240797 from Microsoft and the related references on this topic.

Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of-service or can allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user.

Note: IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested.

Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls.

To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions.

The Common Vulnerabilities and Exposures has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls.

Update to FreeType

FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to its latest version 2.3.7.

The Common Vulnerabilities and Exposures has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in FreeType 2.3.6.

Update to Cairo

Cairo 1.4.12 resolves an integer overflow vulnerability that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted PNG file. This release updates Cairo to its latest version 1.4.14. The Common Vulnerabilities and Exposures has assigned the name CVE-2007-5503 to the issue resolved in Cairo 1.4.12.

[shought]

Frontpaged :P

'Hope I got the name right, lol!'