The host is installed with VMware vSphere Client 4.0 before Update 4b or 4.1 before Update 3a and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows remote attackers to trigger the downloading and execution of an arbitrary program.