The DHCP software is used to assign IP addresses to the different virtual machines running within VMware, but IBM researchers discovered that it can be exploited to gain control of the computer. That could be very bad news for someone running a lot of applications on the same VMware box, said Tom Cross, a researcher with IBM's Internet Security Systems group. "By exploiting this vulnerability you get complete control of any of the machines that are running on that virtual environment," he said.
IBM's researchers have developed exploit code for three separate flaws in the DHCP software, all of which are now patched, Cross said.
In order to attack a system, however, an attacker would first need to gain access to software running within the virtual machine. Typically VMware's DHCP server is not configured to be accessible to systems on other machines.
But VMware fixed them alright. They always do it prompty not like Oracle's quaterly bugs, no matter hoe full yer basket is.