VMware Security Advisory VMSA-2012-0014 Review

VMware has release,the 04 October 2012, one security advisory VMSA-2012-0014 concerning VMware vCenter Operation, vCenter CapacityIQ and Movie Decoder.

VMware Movie Decoder Installer binary planting vulnerability

VMware Movie Decoder is affected by one vulnerability, CVE-2012-4897, with a 6.9 CVSS base score. The vulnerability was discovered and reported by Mitja Kolsek of ACROS Security. Movie Decoder previous to version 9.0 are affected.

vCenter Operations cross-site scripting vulnerability

vCenter Operations is affected by a XSS vulnerability, CVE-2012-5050, with a 4.3 CVSS base score. The vulnerability was discovered and reported by Alexander Minozhenko of ERPScan. vCOps previous to version 5.0.x are affected.

vCenter CapacityIQ path traversal vulnerability

vCenter CapacityIQ is affected by a path traversal vulnerability, CVE-2012-5051, with a 5.0 CVSS base score. The vulnerability was discovered and reported by Alexander Minozhenko of ERPScan. CapacityIQ previous to vCOps 5.0.x are affected.