FYI...VMSA-2014-0003 - VMware vSphere Client updates address security vulns
Synopsis: VMware vSphere Client updates address security vulnerabilities
CVE numbers: CVE-2014-1209, CVE-2014-1210
Summary: VMware vSphere Client updates address security vulnerabilities
Relevant Releases: vSphere Client 5.1, 5.0, 4.1, 4.0
Problem Description: vSphere Client Insecure Client Download
vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link... table lists the action required to remediate the vulnerability in each release, if a solution is available...(More detail available at the vmware URL above.)
CVE Reference: CVE-2014-1209, CVE-2014-1210
Apr 11 2014
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): vSphere Client 4.0, 4.1, 5.0, 5.1 ...
Solution: The vendor has issued a fix (5.0 Update 3, 5.1 Update 2; for versions 4.x, use vSphere Client 4.0 or 4.1 from ESX/ESXi)...
The vendor's advisory is available at: