VMware on Thursday fixed a critical directory traversal vulnerability (CVE-2012-5978) in its View server products, which if exploited, could enable a remote attacker to access arbitrary files from affected View Servers.