VMware Workstation and Workstation ACE Edition 6.0.5 Build 109488

VMware Workstation 6.0.5 delivers groundbreaking advances in virtualization technology while offering numerous new features such as Windows Vista support, as well as industry-first support for multiple display monitors and USB 2.0 devices, making it highly appealing to IT administrators, developers, testers and other technical professionals and enthusiasts.
Introduced more than eight years ago, VMware Workstation enables pre-production testing of desktops and servers in virtual machines, rehosting of legacy applications, rapid provisioning and resetting of multi-tier environments and accelerated software development and testing. With an advanced feature set and broad support for x86 operating systems, VMware Workstation continues to be the gold standard virtualization product for desktop and laptop computers.
VMware Workstation continues to be the most advanced desktop virtualiza-tion product for industry-standard PCs. Only VMware Workstation offers broad operating system support for Windows, Linux, NetWare, Solaris x86 and FreeBSD. The product also features a sophisticated architecture that includes full 64-bit support, industry-first support for up to 10 network interface cards and experimental support for two-way Virtual SMP.

PALO ALTO, Calif., 8/28/08 VMware, Inc., the global leader in software for industry-standard virtualized desktops and servers, today announced the general availability of VMware Workstation 6.0.5, the sixth generation of its desktop virtualization software product.

New features in VMware Workstation include:
Windows Vista support: Users can deploy Windows Vista as a guest or host operating system, facilitating re-hosting of legacy systems, enabling upgrade and migration projects with minimal end-user disruption and simplifying Windows Vista evaluations.
Multiple monitor display: Users can configure one virtual machine to span multiple monitors or multiple virtual machines to each display on separate monitors with this industry-first capability, enhancing desktop productivity.
USB 2.0 support: Users can take advantage of high-performance peripherals such as Apple iPods and fast storage devices.
ACE authoring capabilities: As a companion to VMware Workstation 6, VMware now offers a VMware ACE Option Pack, which enables VMware Workstation 6 users to create secure, centrally manageable virtual machines. Mobility is one of the primary benefits of this Option Pack, as it allows users to securely transport virtual machines on portable media devices such as USB memory sticks.
Integrated Physical-to-Virtual (P2V) functionality: Users can create a virtual machine in minutes by cloning an existing physical computer.
Integrated virtual debugger: Users can deploy, run and debug programs inside a virtual machine directly from their preferred integrated development environments (IDE is), accelerating debugging with this industry-first integra-tion with Eclipse and Microsoft Visual Studio.
Background virtual machine execution: Users can run virtual machines in the background without the VMware Workstation user interface for an unclutte-red user experience.
Automation APIs: Users can write scripts and programs that automate and help quicken virtual machine testing with support for VIX API 2.0.
In addition, VMware Workstation v6.0 advances the state of the art in virtualization technology with groundbreaking new capabilities including:
Continuous virtual machine record and replay (experimental): Users can record the execution of a virtual machine, including all inputs, outputs and decisions made along the way. On demand, the user can go back in time to the start of the recording and replay execution, guaranteeing that the virtual machine will perform exactly the same operations every time and ensuring bugs can be reproduced and resolved.
Virtual Machine Interface (VMI) support (experimental): VMware Workstation v6.0 is the first virtualization platform to allow execution of para-virtualized guest operating systems that implement the VMI interface.

New in Version 6.0.5
Workstation 6.0.5 addresses the following security issues:

Setting ActiveX killbit
Starting from this release, VMware has set the killbit on its ActiveX controls. Setting the killbit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the KB article 240797 from Microsoft and the related references on this topic.
Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of-service or can allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user.
Note: IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested.
Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls.
To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions.
The Common Vulnerabilities and Exposures has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls.
Update to FreeType
FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to its latest version 2.3.7.
The Common Vulnerabilities and Exposures has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in FreeType 2.3.6.
Update to Cairo
Cairo 1.4.12 resolves an integer overflow vulnerability that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted PNG file. This release updates Cairo to its latest version 1.4.14. The Common Vulnerabilities and Exposures has assigned the name CVE-2007-5503 to the issue resolved in Cairo 1.4.12.