Vulnerabilites related to vmware - ace
CVE-2005-4459 (GCVE-0-2005-4459)
Vulnerability from cvelistv5
Published
2005-12-21 20:00
Modified
2024-08-07 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18344"
},
{
"name": "282",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/282"
},
{
"name": "ADV-2005-3013",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/3013"
},
{
"name": "18162",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
},
{
"name": "GLSA-200601-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
},
{
"name": "15998",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15998"
},
{
"name": "1015401",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015401"
},
{
"name": "20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
},
{
"name": "VU#856689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856689"
},
{
"name": "20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
},
{
"name": "20051221 VMware vulnerability in NAT networking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
},
{
"name": "289",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18344"
},
{
"name": "282",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/282"
},
{
"name": "ADV-2005-3013",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/3013"
},
{
"name": "18162",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
},
{
"name": "GLSA-200601-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
},
{
"name": "15998",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15998"
},
{
"name": "1015401",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015401"
},
{
"name": "20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
},
{
"name": "VU#856689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856689"
},
{
"name": "20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
},
{
"name": "20051221 VMware vulnerability in NAT networking",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
},
{
"name": "289",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/289"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18344"
},
{
"name": "282",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/282"
},
{
"name": "ADV-2005-3013",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3013"
},
{
"name": "18162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18162"
},
{
"name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
},
{
"name": "GLSA-200601-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
},
{
"name": "15998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15998"
},
{
"name": "1015401",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015401"
},
{
"name": "20051221 [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
},
{
"name": "VU#856689",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856689"
},
{
"name": "20051221 [Security-Advisories (at) acs-inc (dot) com [email concealed]: [Full-disclosure] [ACSSEC-2005-11-25-0x1] VMWare Workstation 5.5.0 \u003c= build-18007 G SX Server Variants And Others]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
},
{
"name": "20051221 VMware vulnerability in NAT networking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
},
{
"name": "289",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/289"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4459",
"datePublished": "2005-12-21T20:00:00",
"dateReserved": "2005-12-21T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3892 (GCVE-0-2008-3892)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "6345",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "vmware-comapi-guestinfo-bo(43062)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "29503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "6345",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "vmware-comapi-guestinfo-bo(43062)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "29503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "6345",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6345"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "vmware-comapi-guestinfo-bo(43062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "29503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29503"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "MISC",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3892",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-09-03T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1392 (GCVE-0-2008-1392)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vix-api-unspecified(41551)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41551"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vix-api-unspecified(41551)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41551"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vix-api-unspecified(41551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41551"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1392",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-19T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4497 (GCVE-0-2007-4497)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "25731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25731"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "25731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25731"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "25731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25731"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4497",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-08-22T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3696 (GCVE-0-2008-3696)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3696",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5671 (GCVE-0-2007-5671)
Vulnerability from cvelistv5
Published
2008-06-05 20:21
Modified
2024-08-07 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "oval:org.mitre.oval:def:5688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"name": "oval:org.mitre.oval:def:5358",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020197",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020197"
},
{
"name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "oval:org.mitre.oval:def:5688",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"name": "oval:org.mitre.oval:def:5358",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020197",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020197"
},
{
"name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "oval:org.mitre.oval:def:5688",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30556"
},
{
"name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"name": "oval:org.mitre.oval:def:5358",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "1020197",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020197"
},
{
"name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"name": "3922",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5671",
"datePublished": "2008-06-05T20:21:00",
"dateReserved": "2007-10-23T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1361 (GCVE-0-2008-1361)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "vmware-authd-privilege-escalation(41257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "vmware-authd-privilege-escalation(41257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "vmware-authd-privilege-escalation(41257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1361",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1340 (GCVE-0-2008-1340)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vmci-dos(41250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
},
{
"name": "1019624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger \"memory exhaustion and memory corruption.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vmci-dos(41250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
},
{
"name": "1019624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger \"memory exhaustion and memory corruption.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "vmware-vmci-dos(41250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
},
{
"name": "1019624",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019624"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "28289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1340",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-14T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1363 (GCVE-0-2008-1363)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vmware-config-privilege-escalation(41252)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "1019622",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for \"hijacking the VMX process.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vmware-config-privilege-escalation(41252)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "1019622",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for \"hijacking the VMX process.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vmware-config-privilege-escalation(41252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
},
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "1019622",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019622"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1363",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0063 (GCVE-0-2007-0063)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "dhcp-param-underflow(33103)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "dhcp-param-underflow(33103)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "dhcp-param-underflow(33103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
},
{
"name": "1018717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"refsource": "ISS",
"url": "http://www.iss.net/threats/275.html"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0063",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-01-04T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0177 (GCVE-0-2009-0177)
Vulnerability from cvelistv5
Published
2009-01-20 15:26
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6433",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "33372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33372"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"name": "51180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51180"
},
{
"name": "7647",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7647"
},
{
"name": "1021512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021512"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "34601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34601"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6433",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "33372",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33372"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0024",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"name": "51180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51180"
},
{
"name": "7647",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7647"
},
{
"name": "1021512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021512"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "34601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34601"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6433",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "33372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33372"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0024",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"name": "51180",
"refsource": "OSVDB",
"url": "http://osvdb.org/51180"
},
{
"name": "7647",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7647"
},
{
"name": "1021512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021512"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "34601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34601"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0177",
"datePublished": "2009-01-20T15:26:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0062 (GCVE-0-2007-0062)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "31396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31396"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"name": "dhcp-param-overflow(33102)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"name": "GLSA-200808-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"name": "MDVSA-2009:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "34263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "31396",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31396"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"name": "dhcp-param-overflow(33102)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"name": "GLSA-200808-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"name": "MDVSA-2009:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "34263",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "31396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31396"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"refsource": "ISS",
"url": "http://www.iss.net/threats/275.html"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0041",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"name": "dhcp-param-overflow(33102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=339561",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"name": "GLSA-200808-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"name": "MDVSA-2009:153",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "SUSE-SR:2009:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "34263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34263"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=227135",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0062",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-01-04T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0908 (GCVE-0-2009-0908)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6399",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399"
},
{
"name": "1021975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021975"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6399",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399"
},
{
"name": "1021975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021975"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6399",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399"
},
{
"name": "1021975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021975"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0908",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-14T00:00:00",
"dateUpdated": "2024-08-07T04:57:16.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3732 (GCVE-0-2009-3732)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "39110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39110"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "39110",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39110"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "39110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39110"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3732",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2009-10-20T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1141 (GCVE-0-2010-1141)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "oval:org.mitre.oval:def:7020",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "oval:org.mitre.oval:def:7020",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023833",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "oval:org.mitre.oval:def:7020",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1141",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2010-03-29T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2100 (GCVE-0-2008-2100)
Vulnerability from cvelistv5
Published
2008-06-05 20:21
Modified
2024-08-07 08:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "1020200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020200"
},
{
"name": "vmware-vixapi-multiple-unspecified-bo(42872)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"name": "oval:org.mitre.oval:def:5647",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "oval:org.mitre.oval:def:5081",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"name": "29552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29552"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3922"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "1020200",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020200"
},
{
"name": "vmware-vixapi-multiple-unspecified-bo(42872)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"name": "oval:org.mitre.oval:def:5647",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30556"
},
{
"name": "oval:org.mitre.oval:def:5081",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"name": "29552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29552"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "3922",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3922"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2008-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"name": "1020200",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020200"
},
{
"name": "vmware-vixapi-multiple-unspecified-bo(42872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"name": "oval:org.mitre.oval:def:5647",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"name": "30556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30556"
},
{
"name": "oval:org.mitre.oval:def:5081",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"name": "29552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29552"
},
{
"name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"name": "3922",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3922"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2100",
"datePublished": "2008-06-05T20:21:00",
"dateReserved": "2008-05-07T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5023 (GCVE-0-2007-5023)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "25732",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious \"program.exe\" file in the C: folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "25732",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious \"program.exe\" file in the C: folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "25732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25732"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5023",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-09-21T00:00:00",
"dateUpdated": "2024-08-07T15:17:27.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2628 (GCVE-0-2009-2628)
Vulnerability from cvelistv5
Published
2009-09-08 22:00
Modified
2024-08-07 05:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"name": "36290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36290"
},
{
"name": "20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"name": "ADV-2009-2553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"name": "VU#444513",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/444513"
},
{
"name": "34938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"name": "36290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36290"
},
{
"name": "20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"name": "ADV-2009-2553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"name": "VU#444513",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/444513"
},
{
"name": "34938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"name": "36290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36290"
},
{
"name": "20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"name": "ADV-2009-2553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"name": "VU#444513",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/444513"
},
{
"name": "34938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34938"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-2628",
"datePublished": "2009-09-08T22:00:00",
"dateReserved": "2009-07-28T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0909 (GCVE-0-2009-0909)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021974"
},
{
"name": "oval:org.mitre.oval:def:6251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021974"
},
{
"name": "oval:org.mitre.oval:def:6251",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"name": "oval:org.mitre.oval:def:6251",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0909",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-14T00:00:00",
"dateUpdated": "2024-08-07T04:57:16.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1805 (GCVE-0-2009-1805)
Vulnerability from cvelistv5
Published
2009-06-01 19:00
Modified
2024-08-07 05:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35269"
},
{
"name": "35141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35141"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"name": "oval:org.mitre.oval:def:6130",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
},
{
"name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"name": "ADV-2009-1452",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"name": "1022300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022300"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35269",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35269"
},
{
"name": "35141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35141"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"name": "oval:org.mitre.oval:def:6130",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
},
{
"name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"name": "ADV-2009-1452",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"name": "1022300",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022300"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35269"
},
{
"name": "35141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35141"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"name": "oval:org.mitre.oval:def:6130",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
},
{
"name": "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"name": "ADV-2009-1452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"name": "1022300",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022300"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1805",
"datePublished": "2009-06-01T19:00:00",
"dateReserved": "2009-05-28T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5025 (GCVE-0-2007-5025)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-09-17 01:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user."
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:27.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of \"images stored in virtual machines downloaded by the user.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-09-21T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of \"images stored in virtual machines downloaded by the user.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5025",
"datePublished": "2007-09-21T18:00:00Z",
"dateReserved": "2007-09-21T00:00:00Z",
"dateUpdated": "2024-09-17T01:26:17.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3694 (GCVE-0-2008-3694)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3694",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1364 (GCVE-0-2008-1364)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-dhcp-unspecified-dos(41254)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "1019623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019623"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-dhcp-unspecified-dos(41254)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "1019623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019623"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "28289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-dhcp-unspecified-dos(41254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "1019623",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019623"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "28289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1364",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0923 (GCVE-0-2008-0923)
Vulnerability from cvelistv5
Published
2008-02-26 00:00
Modified
2024-08-07 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27944",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27944"
},
{
"name": "29117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019493",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019493"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "vmware-sharedfolders-directory-traversal(40837)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
},
{
"name": "ADV-2008-0679",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0679"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "3700",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27944",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27944"
},
{
"name": "29117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019493",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019493"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "vmware-sharedfolders-directory-traversal(40837)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
},
{
"name": "ADV-2008-0679",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0679"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "3700",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27944"
},
{
"name": "29117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29117"
},
{
"name": "http://www.coresecurity.com/?action=item\u0026id=2129",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item\u0026id=2129"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019493",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019493"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "vmware-sharedfolders-directory-traversal(40837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
},
{
"name": "ADV-2008-0679",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0679"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "3700",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0923",
"datePublished": "2008-02-26T00:00:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3695 (GCVE-0-2008-3695)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3695",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3692 (GCVE-0-2008-3692)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3692",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0061 (GCVE-0-2007-0061)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "dhcp-malformed-packet-bo(33101)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers \"corrupt stack memory.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "dhcp-malformed-packet-bo(33101)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers \"corrupt stack memory.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25729"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "1018717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities",
"refsource": "ISS",
"url": "http://www.iss.net/threats/275.html"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "dhcp-malformed-packet-bo(33101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0061",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-01-04T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0199 (GCVE-0-2009-0199)
Vulnerability from cvelistv5
Published
2009-09-08 22:00
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"name": "36290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-25/"
},
{
"name": "20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"name": "ADV-2009-2553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"name": "34938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"name": "36290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-25/"
},
{
"name": "20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"name": "ADV-2009-2553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"name": "34938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-0199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"name": "36290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36290"
},
{
"name": "http://secunia.com/secunia_research/2009-25/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-25/"
},
{
"name": "20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"name": "ADV-2009-2553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"name": "34938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34938"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2009-0199",
"datePublished": "2009-09-08T22:00:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3693 (GCVE-0-2008-3693)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3693",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4811 (GCVE-0-2009-4811)
Vulnerability from cvelistv5
Published
2010-04-27 15:00
Modified
2024-08-07 07:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "36630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "36630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "36630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36630"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "http://freetexthost.com/qr1tffkzpu",
"refsource": "MISC",
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"name": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html",
"refsource": "MISC",
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4811",
"datePublished": "2010-04-27T15:00:00",
"dateReserved": "2010-04-27T00:00:00",
"dateUpdated": "2024-08-07T07:17:25.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1138 (GCVE-0-2010-1138)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:05.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39203"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023836"
},
{
"name": "39395",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "63607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63607"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39203",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39203"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023836",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023836"
},
{
"name": "39395",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "63607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63607"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39203"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023836"
},
{
"name": "39395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39395"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "39215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39215"
},
{
"name": "63607",
"refsource": "OSVDB",
"url": "http://osvdb.org/63607"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1138",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2010-03-29T00:00:00",
"dateUpdated": "2024-08-07T01:14:05.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1362 (GCVE-0-2008-1362)
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-namedpipes-privilege-escalation(41259)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-namedpipes-privilege-escalation(41259)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "3755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3755"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-namedpipes-privilege-escalation(41259)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019621",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019621"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1362",
"datePublished": "2008-03-20T00:00:00",
"dateReserved": "2008-03-17T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0910 (GCVE-0-2009-0910)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:16.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "oval:org.mitre.oval:def:5786",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
},
{
"name": "1021974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "oval:org.mitre.oval:def:5786",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
},
{
"name": "1021974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "oval:org.mitre.oval:def:5786",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
},
{
"name": "1021974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0910",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-14T00:00:00",
"dateUpdated": "2024-08-07T04:57:16.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3707 (GCVE-0-2009-3707)
Vulnerability from cvelistv5
Published
2009-10-16 16:00
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:30.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "36630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"name": "1022997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022997"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "36988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36988"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "36630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"name": "1022997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022997"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "36988",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36988"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"name": "39215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "36630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36630"
},
{
"name": "1022997",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022997"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html",
"refsource": "MISC",
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "36988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36988"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php",
"refsource": "MISC",
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"name": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt",
"refsource": "MISC",
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"name": "39215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39215"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3707",
"datePublished": "2009-10-16T16:00:00",
"dateReserved": "2009-10-16T00:00:00",
"dateUpdated": "2024-08-07T06:38:30.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2267 (GCVE-0-2009-2267)
Vulnerability from cvelistv5
Published
2009-11-02 15:00
Modified
2024-08-07 05:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2009-3062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "1023082",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023082"
},
{
"name": "36841",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36841"
},
{
"name": "oval:org.mitre.oval:def:8473",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"name": "1023083",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"name": "37172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2009-3062",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "1023082",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023082"
},
{
"name": "36841",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36841"
},
{
"name": "oval:org.mitre.oval:def:8473",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"name": "1023083",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"name": "37172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "ADV-2009-3062",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"name": "[security-announce] 20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"name": "1023082",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023082"
},
{
"name": "36841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36841"
},
{
"name": "oval:org.mitre.oval:def:8473",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
},
{
"name": "20091027 VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"name": "20091027 Invalid #PF Exception Code in VMware can result in Guest Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"name": "1023083",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023083"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"name": "37172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2267",
"datePublished": "2009-11-02T15:00:00",
"dateReserved": "2009-07-01T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4915 (GCVE-0-2008-4915)
Vulnerability from cvelistv5
Published
2008-11-10 11:00
Modified
2024-08-07 10:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:28.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6309",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "32168",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32168"
},
{
"name": "[Security-announce] 20081106 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"name": "1021154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021154"
},
{
"name": "20081107 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"name": "32612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32612"
},
{
"name": "32624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32624"
},
{
"name": "vmware-cpuhardware-priv-escalation(46415)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"name": "ADV-2008-3052",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:6309",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
},
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "32168",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32168"
},
{
"name": "[Security-announce] 20081106 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"name": "1021154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021154"
},
{
"name": "20081107 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"name": "32612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32612"
},
{
"name": "32624",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32624"
},
{
"name": "vmware-cpuhardware-priv-escalation(46415)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"name": "ADV-2008-3052",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6309",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
},
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "32168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32168"
},
{
"name": "[Security-announce] 20081106 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"name": "1021154",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021154"
},
{
"name": "20081107 VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"name": "32612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32612"
},
{
"name": "32624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32624"
},
{
"name": "vmware-cpuhardware-priv-escalation(46415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"name": "ADV-2008-3052",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4915",
"datePublished": "2008-11-10T11:00:00",
"dateReserved": "2008-11-03T00:00:00",
"dateUpdated": "2024-08-07T10:31:28.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1142 (GCVE-0-2010-1142)
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39394"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"name": "1023833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39394"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"name": "1023833",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "39394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39394"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"name": "1023833",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1142",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2010-03-29T00:00:00",
"dateUpdated": "2024-08-07T01:14:06.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5438 (GCVE-0-2007-5438)
Vulnerability from cvelistv5
Published
2007-10-13 01:00
Modified
2024-08-07 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43488"
},
{
"name": "3219",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3219"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"name": "20071010 [ELEYTT] 10PAZDZIERNIK2007",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "26025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26025"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43488"
},
{
"name": "3219",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3219"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"name": "20071010 [ELEYTT] 10PAZDZIERNIK2007",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "26025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26025"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43488",
"refsource": "OSVDB",
"url": "http://osvdb.org/43488"
},
{
"name": "3219",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3219"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf",
"refsource": "MISC",
"url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "20071010 [ELEYTT] 10PAZDZIERNIK2007",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "26025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26025"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5438",
"datePublished": "2007-10-13T01:00:00",
"dateReserved": "2007-10-12T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4496 (GCVE-0-2007-4496)
Vulnerability from cvelistv5
Published
2007-09-21 18:00
Modified
2024-08-07 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "25728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "25728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "GLSA-200711-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"name": "USN-543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "27694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27694"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "25728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25728"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "26890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26890"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1018718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4496",
"datePublished": "2007-09-21T18:00:00",
"dateReserved": "2007-08-22T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1146 (GCVE-0-2009-1146)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:48.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6310",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "1021977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6310",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "1021977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "oval:org.mitre.oval:def:6310",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "1021977",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021977"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1146",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T05:04:48.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1147 (GCVE-0-2009-1147)
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:48.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5471",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:5471",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021976",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021976"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5471",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
},
{
"name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"name": "34373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"name": "1021976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021976"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1147",
"datePublished": "2009-04-06T15:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T05:04:48.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3698 (GCVE-0-2008-3698)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "30936",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30936"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-openprocess-privilege-escalation(44795)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1020790",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020790"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "30936",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30936"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-openprocess-privilege-escalation(44795)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1020790",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020790"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "30936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30936"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "vmware-openprocess-privilege-escalation(44795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "1020790",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020790"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3698",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3691 (GCVE-0-2008-3691)
Vulnerability from cvelistv5
Published
2008-09-03 14:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31710"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"name": "31709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31709"
},
{
"name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "1020791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "31710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31710"
},
{
"name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"name": "30934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30934"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3691",
"datePublished": "2008-09-03T14:00:00",
"dateReserved": "2008-08-14T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1244 (GCVE-0-2009-1244)
Vulnerability from cvelistv5
Published
2009-04-13 16:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-virtualmachine-code-execution(49834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"name": "34471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34471"
},
{
"name": "1022031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022031"
},
{
"name": "53634",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53634"
},
{
"name": "oval:org.mitre.oval:def:6065",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-virtualmachine-code-execution(49834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"name": "34471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34471"
},
{
"name": "1022031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022031"
},
{
"name": "53634",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53634"
},
{
"name": "oval:org.mitre.oval:def:6065",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"name": "ADV-2009-0944",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "vmware-virtualmachine-code-execution(49834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"name": "34471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34471"
},
{
"name": "1022031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022031"
},
{
"name": "53634",
"refsource": "OSVDB",
"url": "http://osvdb.org/53634"
},
{
"name": "oval:org.mitre.oval:def:6065",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"name": "ADV-2009-0944",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1244",
"datePublished": "2009-04-13T16:00:00",
"dateReserved": "2009-04-06T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-09-08 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://lists.vmware.com/pipermail/security-announce/2009/000065.html | Patch | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/34938 | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2009-25/ | Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/archive/1/506286/100/0/threaded | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/36290 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.vmware.com/security/advisories/VMSA-2009-0012.html | Patch, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://www.vupen.com/english/advisories/2009/2553 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000065.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34938 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2009-25/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/506286/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36290 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0012.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2553 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | movie_decoder | 6.5.3 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.2_build_156735 | |
| vmware | workstation | 6.5 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2_build_156735:*:*:*:*:*:*:*",
"matchCriteriaId": "D0075432-4410-41D7-BF36-C3C56A7CA2A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters)."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en el VMnc media codec en VMware Movie Decoder anteriores a v6.5.3 build 185404, VMware Workstation v6.5.x anteriores a v6.5.3 build 185404, VMware Player v2.5.x anteriores a v2.5.3 build 185404, y VMware ACE v2.5.x anteriores a v2.5.3 build 185404 para Windows podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero de video con una dimensi\u00f3n modificada (tambi\u00e9n conocido como par\u00e1metros framebuffer)."
}
],
"id": "CVE-2009-0199",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-08T22:30:00.217",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34938"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-25/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/36290"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-25/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2553"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | Exploit | |
| cve@mitre.org | http://www.securitytracker.com/id?1021974 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021974 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-436."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en VNnc Codec en VMware Workstation 6.5.x versiones anteriores a v6.5.2 build 156735, VMware Player 2.5.x versiones anteriores a v2.5.2 build 156735, VMware ACE 2.5.x versiones anteriores a v2.5.2 build 156735, y VMware Server 2.0.x versiones anteriores a v2.0.1 build 156745 permite ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un p\u00e1gina web manipulada o fichero de video, tambi\u00e9n conocido como ZDI-CVE-436."
}
],
"id": "CVE-2009-0910",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-06T15:30:04.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5786"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-20 16:00
Modified
2025-04-09 00:30
Severity ?
Summary
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch | |
| cve@mitre.org | http://osvdb.org/51180 | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://secunia.com/advisories/33372 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34601 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | Exploit | |
| cve@mitre.org | http://www.securitytracker.com/id?1021512 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0024 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433 | ||
| cve@mitre.org | https://www.exploit-db.com/exploits/7647 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/51180 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33372 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34601 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021512 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0024 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/7647 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 2.5.0 | |
| vmware | fusion | * | |
| vmware | server | 2.0.0 | |
| vmware | vmware_player | * | |
| vmware | vmware_player | 1.0.0 | |
| vmware | vmware_player | 1.0.1 | |
| vmware | vmware_player | 1.0.2 | |
| vmware | vmware_player | 1.0.3 | |
| vmware | vmware_player | 1.0.4 | |
| vmware | vmware_player | 1.0.6 | |
| vmware | vmware_player | 1.0.7 | |
| vmware | vmware_player | 1.0.8 | |
| vmware | vmware_player | 1.0.9 | |
| vmware | vmware_player | 1.05 | |
| vmware | vmware_player | 2.0 | |
| vmware | vmware_player | 2.0.1 | |
| vmware | vmware_player | 2.0.2 | |
| vmware | vmware_player | 2.0.3 | |
| vmware | vmware_player | 2.0.4 | |
| vmware | vmware_player | 2.0.5 | |
| vmware | vmware_player | 2.5 | |
| vmware | vmware_workstation | * | |
| vmware | vmware_workstation | 4.5.3 | |
| vmware | vmware_workstation | 5.0 | |
| vmware | vmware_workstation | 5.5.0 | |
| vmware | vmware_workstation | 5.5.1 | |
| vmware | vmware_workstation | 5.5.2 | |
| vmware | vmware_workstation | 5.5.3 | |
| vmware | vmware_workstation | 5.5.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 5.5.6 | |
| vmware | vmware_workstation | 5.5.7 | |
| vmware | vmware_workstation | 5.5.8 | |
| vmware | vmware_workstation | 6.0 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | vmware_workstation | 6.0.3 | |
| vmware | vmware_workstation | 6.0.4 | |
| vmware | vmware_workstation | 6.0.5 | |
| vmware | vmware_workstation | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4004A38A-01A6-41BE-84EB-1D7C7FAD0214",
"versionEndIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "318D5F4B-48C5-4214-B60C-9A2EEEF44835",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5E684965-43F7-4A51-850F-4C88F42940E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "357B60EC-C5F1-4FA4-B4AF-F81298479D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "933562E3-B6D5-4250-A07B-AB8437ED4D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "09F23F68-6853-4862-99CB-4F214816358F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AAFBF6B0-5E0A-4F62-82C7-D9861D0F5F31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "43282BF6-665C-4F77-8E95-487523863965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4FFF490-8AA9-4296-99F0-DC57E5D4F56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC850AB-7728-4EE3-9EB5-E1E4D7338202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1CA212-4114-4D45-B746-9C2AAF60CFCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5085E31D-7472-408B-A85D-90337407A24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D57F024-3484-4EEA-8F9E-08A1AE5E3D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13D82E91-181E-4E7D-943D-6FC74D40CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21C496BC-404A-4C23-A0CB-DEE8BB8550A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8EF66E7-ECDA-40F9-9070-5857D2DEF818",
"versionEndIncluding": "6.51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0790DFEB-3ADE-4057-BA9D-025BD5F5B477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "433C05BD-1CAC-4F40-9F69-D0333C5F0E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6811B662-07E0-4B95-BFC6-C87C02110C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EAB3D2-79EE-43A3-8A08-3E8140C1B1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE15637B-FAE4-4FC7-8F45-B3B1554F8F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6B32C157-020F-400B-970C-B93CF573EB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E1F0A2-8791-4627-8583-55B2A67D2F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3767CDDC-DF72-4AAE-B544-D2DFE02A199D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "640130AA-C905-4DD6-97BD-ABA90705F0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B1FF0-80DC-433B-9298-346225060808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0ECA0396-CBCA-4D21-BD9A-EFCE24D616D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94533C3D-8767-44DB-ABF7-B991C3E47858",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
},
{
"lang": "es",
"value": "En la biblioteca vmwarebase.dll, tal y como es usado en el servicio vmware-authd (tambi\u00e9n se conoce como vmware-authd.exe), en VMware Workstation versi\u00f3n 6.5.1 build 126130, versi\u00f3n 6.5.1 y anteriores; VMware Player versi\u00f3n 2.5.1 build 126130, versi\u00f3n 2.5.1 y anteriores; VMware ACE versi\u00f3n 2.5.1 y anteriores; VMware Server versiones 2.0.x anteriores a 2.0.1 build 156745; y VMware Fusion anterior a versi\u00f3n 2.0.2 build 147997, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de un comando largo (1) USUARIO o (2) PASS."
}
],
"id": "CVE-2009-0177",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-20T16:00:09.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/51180"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33372"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34601"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021512"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/51180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-13 01:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | ||
| cve@mitre.org | http://osvdb.org/43488 | ||
| cve@mitre.org | http://secunia.com/advisories/31707 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/3219 | ||
| cve@mitre.org | http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/482021/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26025 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | ||
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | ||
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | ||
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | ||
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | ||
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | ||
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | ||
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/43488 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3219 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/482021/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26025 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | vmware_player | 1.0.0 | |
| vmware | vmware_player | 1.0.1 | |
| vmware | vmware_player | 1.0.2 | |
| vmware | vmware_player | 1.0.3 | |
| vmware | vmware_player | 1.0.4 | |
| vmware | vmware_player | 1.0.5 | |
| vmware | vmware_player | 1.0.6 | |
| vmware | vmware_player | 1.0.7 | |
| vmware | vmware_player | 1.0.8 | |
| vmware | vmware_player | 2.0 | |
| vmware | vmware_player | 2.0.1 | |
| vmware | vmware_player | 2.0.2 | |
| vmware | vmware_player | 2.0.3 | |
| vmware | vmware_player | 2.0.4 | |
| vmware | vmware_player | 2.0.5 | |
| vmware | vmware_server | * | |
| vmware | vmware_server | 1.0 | |
| vmware | vmware_server | 1.0.1 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.3 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_server | 1.0.5 | |
| vmware | vmware_server | 1.0.6 | |
| vmware | vmware_workstation | 5.5.0 | |
| vmware | vmware_workstation | 5.5.1 | |
| vmware | vmware_workstation | 5.5.2 | |
| vmware | vmware_workstation | 5.5.3 | |
| vmware | vmware_workstation | 5.5.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 5.5.6 | |
| vmware | vmware_workstation | 5.5.7 | |
| vmware | vmware_workstation | 5.5.8 | |
| vmware | vmware_workstation | 6.0 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | vmware_workstation | 6.0.3 | |
| vmware | vmware_workstation | 6.0.4 | |
| vmware | vmware_workstation | 6.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5E684965-43F7-4A51-850F-4C88F42940E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9565E5-042E-4C62-A7C7-54808B15F0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "357B60EC-C5F1-4FA4-B4AF-F81298479D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "933562E3-B6D5-4250-A07B-AB8437ED4D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "09F23F68-6853-4862-99CB-4F214816358F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4FFF490-8AA9-4296-99F0-DC57E5D4F56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC850AB-7728-4EE3-9EB5-E1E4D7338202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B1CA212-4114-4D45-B746-9C2AAF60CFCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5085E31D-7472-408B-A85D-90337407A24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D57F024-3484-4EEA-8F9E-08A1AE5E3D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "13D82E91-181E-4E7D-943D-6FC74D40CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "468BCB8E-139E-4340-B671-7DB979499D14",
"versionEndIncluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "025EC5A6-E4DF-421F-911B-BD15FBF2A3BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA04700-CF35-43CA-AD4E-BB93E206FDD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6E6F9A4A-41B0-48D9-B60C-EBF4EF899953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEF399-7640-45CB-9393-11F06D0E13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6811B662-07E0-4B95-BFC6-C87C02110C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EAB3D2-79EE-43A3-8A08-3E8140C1B1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE15637B-FAE4-4FC7-8F45-B3B1554F8F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6B32C157-020F-400B-970C-B93CF573EB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E1F0A2-8791-4627-8583-55B2A67D2F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3767CDDC-DF72-4AAE-B544-D2DFE02A199D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "640130AA-C905-4DD6-97BD-ABA90705F0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0B1FF0-80DC-433B-9298-346225060808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0ECA0396-CBCA-4D21-BD9A-EFCE24D616D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en Reconfig.DLL en VMware Workstation 5.5.x anteriores al 5.5.8 build 108000, VMware Workstation versiones 6.0.x anteriores a 6.0.5 build 109488, VMware Player versiones 1.x anteriores a 1.0.8 build 108000, VMware Player versiones 2.x anteriores a 2.0.5 build 109488, VMware ACE versiones 1.x anteriores a 1.0.7 build 108880, VMware ACE versiones 2.x anteriores a 2.0.5 build 109488 y VMware Server versiones anteriores a 1.0.7 build 108231, podr\u00eda permitir a usuarios locales una denegaci\u00f3n de servicio al Virtual Disk Mount Service (vmount2.exe), relacionado con la funci\u00f3n ConnectPopulatedDiskEx."
}
],
"id": "CVE-2007-5438",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-13T01:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/43488"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3219"
},
{
"source": "cve@mitre.org",
"url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26025"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/43488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/3755 | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1019622 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41252 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019622 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41252 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E913C6E9-454D-4FE7-B22B-F24E194F5CE2",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "310A0A72-A709-407D-A68D-24EF59EEC553",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "841FDCE0-8D59-4AE6-8996-5BFD8736DA86",
"versionEndExcluding": "1.0.6",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D86484E-0D38-49BC-9C80-688A83F80345",
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "517722B0-4E12-4A3B-A35B-2A88DA6D30A9",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C0BDA4-C4AE-4C91-A8D3-A965CCCE3C2E",
"versionEndExcluding": "5.5.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76907A90-590B-4FBA-977E-CCF19F6F405F",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for \"hijacking the VMX process.\""
},
{
"lang": "es",
"value": "VMware Workstation versiones 6.0.x anteriores a 6.0.3 y versiones 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y versiones 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y versiones 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales obtener privilegios mediante una modificaci\u00f3n no especificada del fichero config.ini localizado en la carpeta de Datos de Aplicaci\u00f3n, que puede ser usado para \"secuestrar el proceso VMX\"."
}
],
"id": "CVE-2008-1363",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019622"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1019622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-10 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000042.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/32612 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/32624 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/498138/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/32168 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1021154 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0018.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/3052 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/46415 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000042.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32612 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32624 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/498138/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/32168 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021154 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0018.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/3052 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/46415 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "303FD815-1A0D-41ED-AD0E-91BFC82C6E3B",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "403B0C68-7F85-438C-95E2-5B6FDCF00E7C",
"versionEndIncluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFBA799-7EC3-4DE3-BF3C-FA7C1C1E7632",
"versionEndIncluding": "3.5",
"versionStartIncluding": "2.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44A6CE08-8BAB-4BCC-87AE-FA433CD1AC67",
"versionEndIncluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA8737EE-4163-4B99-873A-21FC9748087A",
"versionEndIncluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B39E558-D6F4-4271-848C-E87A2CAD4A33",
"versionEndIncluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA048E-E58D-481F-BE83-FF26795A0F7C",
"versionEndIncluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1598C125-3339-4917-BCB6-A7F361887E15",
"versionEndIncluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS."
},
{
"lang": "es",
"value": "Una vulnerabilidad sin especificar en la emulaci\u00f3n de hardware de CPU en sistemas operativos internos de 32-bit y 64-bit, en VMware Workstation v6.0.5 y anteriores; Player v2.0.x a la v2.0.5 y v1.0.x a la v1.0.8; ACE v2.0.x a la v2.0.5 y anteriores, y v1.0.x a la v1.0.7; Server v1.0.x a la v1.0.7; ESX v2.5.4 a la v3.5; y ESXi v3.5; no maneja de forma adecuada el flag Trap, que permite a usuarios del sistema operativo (SO) hu\u00e9sped obtener privilegios en el SO hu\u00e9sped."
}
],
"id": "CVE-2008-4915",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-10T14:12:55.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32612"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32624"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/32168"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021154"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3052"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/32624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/498138/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/32168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/3052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/25732 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25732 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A98FBF6-45D0-48BC-8E24-8C7F136F53AB",
"versionEndIncluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF86A1B-FC17-4CB4-9F3C-726491C117BB",
"versionEndIncluding": "1.0.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA625B0B-2837-4B5A-9B36-FC77CF0748AC",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "574C5392-7607-4F34-A661-CF618AA52BC4",
"versionEndIncluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F4F51-A9B8-4CA9-AE2C-458E61DB9D47",
"versionEndIncluding": "5.5.5",
"versionStartIncluding": "5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40975D44-E804-4A1C-9577-18D7DE1051E5",
"versionEndIncluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious \"program.exe\" file in the C: folder."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta (path) de b\u00fasqueda de Windows sin comillas en EMC VMware Workstation versiones anteriores a 5.5.5 Build 56455 y versiones 6.x anteriores a 6.0.1 Build 55017, Player versiones anteriores a 1.0.5 Build 56455 y Player versiones 2 anteriores a 2.0.1 Build 55017, ACE versiones anteriores a 1.0.3 Build 54075 y Server versiones anteriores a 1.0.4 Build 56528, permite a usuarios locales alcanzar privilegios por medio de vectores de ataque no especificados, posiblemente involucrando a un archivo malicioso \"program.exe\" en la carpeta C:."
}
],
"id": "CVE-2007-5023",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25732"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://securitytracker.com/id?1019621 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41259 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019621 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41259 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an \"insecurely created named pipe,\" a different vulnerability than CVE-2008-1361."
},
{
"lang": "es",
"value": "VMware Workstation versiones 6.0.x anteriores a 6.0.3 y versiones 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y versiones 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y versiones 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales conseguir privilegios o provocar una denegaci\u00f3n de servicio utilizando la suplantaci\u00f3n del proceso authd a trav\u00e9s de un uso no especificado de una \"tuber\u00eda de nombres creada de forma no segura\", siendo una vulnerabilidad diferente que CVE-2008-1361."
}
],
"id": "CVE-2008-1362",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019621"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41259"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39198 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt | ||
| cve@mitre.org | http://www.securityfocus.com/bid/39394 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023832 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023833 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39198 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39394 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023832 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023833 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| microsoft | windows | * | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| microsoft | windows | * | |
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| microsoft | windows | * | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| microsoft | windows | * | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | fusion | 3.0 | |
| microsoft | windows | * | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| microsoft | windows | * | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7268F-A170-4366-9196-E73A956883DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B037838B-072E-4676-9E5D-86F5BC207512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk."
},
{
"lang": "es",
"value": "VMware Tools en VMware Workstation v6.5.x anterior v6.5.4 build 246459; VMware Player v2.5.x anterior v2.5.4 build 246459; VMware ACE v2.5.x anterior v2.5.4 build 246459; VMware Server v2.x anterior v2.0.2 build 203138; VMware Fusion v2.x anterior v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX v2.5.5, v3.0.3, v3.5, y v4.0 no cargan adecuadamente los programas VMware, lo que puede permitir a usuarios de petici\u00f3n de sistemas operativos Windows obtener privilegios estableciendo un troyano en una direcci\u00f3n no especificada en el disco de petici\u00f3n OS."
}
],
"id": "CVE-2010-1142",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-12T18:30:00.710",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39198"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-04-12-2-PUB.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://securitytracker.com/id?1019624 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/28289 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41250 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019624 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28289 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41250 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger \"memory exhaustion and memory corruption.\""
},
{
"lang": "es",
"value": "Virtual Machine Communication Interface (VMCI) en VMware Workstation versiones 6.0.x anteriores a 6.0.3, VMware Player versiones 2.0.x anterirores a 2.0.3, y VMware ACE versiones 2.0.x anteriores a 2.0.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema operativo del servidor) mediante llamadas VMCI especialmente construidas que provocan el agotamiento y la corrupci\u00f3n de la memoria."
}
],
"id": "CVE-2008-1340",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019624"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41250"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-10-16 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | ||
| cve@mitre.org | http://secunia.com/advisories/36988 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | ||
| cve@mitre.org | http://secunia.com/advisories/39215 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securitytracker.com/id?1022997 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/36630 | ||
| cve@mitre.org | http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt | URL Repurposed | |
| cve@mitre.org | http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php | URL Repurposed | |
| cve@mitre.org | http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html | Exploit, URL Repurposed | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36988 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39215 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1022997 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36630 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt | URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php | URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html | Exploit, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| vmware | ace | 2.5.4 | |
| vmware | ace | 2.6 | |
| vmware | ace | 2.6.1 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| vmware | player | 2.5.4 | |
| vmware | player | 3.0 | |
| vmware | player | 3.0.1 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | workstation | 6.5.4 | |
| vmware | workstation | 7.0 | |
| vmware | workstation | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB84B42-8C68-4B65-93F9-287B699B7540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3997440A-B731-4F26-A90B-BB14A8F93E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656039E8-8082-4208-B046-518D95769B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A115959-9CDA-45ED-9002-BA1A31074E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3684F0D0-B8BE-442B-AA27-0A485E6BFFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\xFF sequence in the USER and PASS commands, related to a \"format string DoS\" issue. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "VMware Authentication Daemon versi\u00f3n 1.0 en el archivo vmware-authd.exe en el Servicio de Autorizaci\u00f3n de VMware en VMware Workstation versiones 7.0 anteriores a 7.0.1 build 227600 y versiones 6.5.x anteriores a 6.5.4 build 246459, VMware Player versiones 3.0 anteriores a 3.0.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, VMware ACE versiones 2.6 anteriores a 2.6.1 build 227600 y versiones 2.5.x anteriores a 2.5.4 build 246459, y VMware Server versiones 2.x, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del proceso) por medio de una secuencia de \\x25\\xFF en los comandos USER y PASS, relacionada con un problema de \"format string DoS\". NOTA: algunos de estos datos fueron obtenidos de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2009-3707",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-16T16:30:00.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36988"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39215"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022997"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36630"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.shinnai.net/exploits/abFwcLOuFqmD20yqhYpQ.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.shinnai.net/index.php?mod=02_Forum\u0026group=02_Bugs_and_Exploits\u0026argument=01_Remote\u0026topic=1254924405.ff.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://www.shinnai.net/xplits/TXT_JtYUv6C6j5b6Bw6iIkF4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/25728 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018718 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25728 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018718 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A98FBF6-45D0-48BC-8E24-8C7F136F53AB",
"versionEndIncluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4028C2-4A8A-41E3-9B58-5E48CEFC7F99",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF86A1B-FC17-4CB4-9F3C-726491C117BB",
"versionEndIncluding": "1.0.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA625B0B-2837-4B5A-9B36-FC77CF0748AC",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "574C5392-7607-4F34-A661-CF618AA52BC4",
"versionEndIncluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F4F51-A9B8-4CA9-AE2C-458E61DB9D47",
"versionEndIncluding": "5.5.5",
"versionStartIncluding": "5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40975D44-E804-4A1C-9577-18D7DE1051E5",
"versionEndIncluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en EMC VMware Workstation anterior a 5.5.5 construcci\u00f3n 56455 and 6.x anterior a 6.0.1 construcci\u00f3n 55017, Player anterior a 1.0.5 construcci\u00f3n 56455 and Player 2 anterior a 2.0.1 construcci\u00f3n 55017, ACE anterior a 1.0.3 construcci\u00f3n 54075 and ACE 2 anterior a 2.0.1 construcci\u00f3n 55017, and Server anterior a 1.0.4 construcci\u00f3n 56528 permite a usuarios validados con privilegios de administrador sobre un sistema operativo invitado corromper su memoria y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n sobre el sistema operativo alojador a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2007-4496",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 2.5,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25728"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018718"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-05 20:32
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/30556 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/3922 | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1020200 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/493080/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/29552 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1744 | Permissions Required | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/42872 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081 | Third Party Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30556 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3922 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1020200 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493080/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29552 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1744 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/42872 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | esx_server | 3.0 | |
| vmware | esx_server | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | fusion | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| vmware | esx | 2.5.4 | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| vmware | esx | 3.0.2 | |
| vmware | esx | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C67E8ABD-4BC9-4A68-A1A8-517574B54FBB",
"versionEndIncluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13B407FC-39E6-4504-AA38-28F45B10B462",
"versionEndIncluding": "2.0.3",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE184CF-CD55-4F32-9294-A680A4DD3870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16EFF4E2-CA32-4FA4-AC4B-82D8C50769D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AE1C86-62E7-470E-BB1B-1AAEE3192D91",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "093FA9F6-A59D-4C09-B133-002573AB05BA",
"versionEndIncluding": "1.0.6",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "318E110E-C2E3-4332-BD84-7ABBFBF2309B",
"versionEndIncluding": "2.0.3",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC0931F-7BB8-4CFD-9533-A62367661810",
"versionEndIncluding": "1.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E456E5A-C2F5-4FA1-94F0-2BBD81A766D5",
"versionEndIncluding": "5.5.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED2686-C461-4C16-A50F-D56E369879CC",
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFD8D25-7FDF-48DF-8728-5875C44FFB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en VIX API 1.1.x anteriores a 1.1.4 build 93057 en VMware Workstation 5.x y 6.x, VMware Player 1.x y 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, y VMware ESX 3.0.1 hasta la 3.5, permite a los usuarios del sistema hu\u00e9sped, ejecutar c\u00f3digo arbitrario en el sistema anfitri\u00f3n a trav\u00e9s de vectores no espec\u00edficos.\r\n"
}
],
"id": "CVE-2008-2100",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-05T20:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020200"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29552"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41551 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41551 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9191386-10C0-48A2-B70C-6A047347B5A1",
"versionEndIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "389DA24B-6865-428D-8630-837A0D589891",
"versionEndIncluding": "2.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de VMware Workstation 6.0.2, VMware Player versiones 2.0.x anteriores a 2.0.3, y VMware ACE versiones 2.0.x anteriores a 2.0.1 permite el acceso a la consola del sistema operativo cliente mediante llamadas an\u00f3nimas a la interfaz de programaci\u00f3n de aplicaciones VIX, teniendo un impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2008-1392",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41551"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, y CVE-2008-3696."
}
],
"id": "CVE-2008-3695",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://securitytracker.com/id?1019621 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | Patch | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41257 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019621 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41257 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.0 | |
| vmware | vmware_server | 1.0.1 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.3 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA04700-CF35-43CA-AD4E-BB93E206FDD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362."
},
{
"lang": "es",
"value": "VMware Workstation versiones 6.0.x anteriores a 6.0.3 y 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales conseguir privilegios mediante una manipulaci\u00f3n no espec\u00edfica que causa que el proceso authd conecte con un nombre de tuber\u00eda de su elecci\u00f3n, siendo una vulnerabilidad diferente que CVE-2008-1362."
}
],
"id": "CVE-2008-1361",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019621"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41257"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1021977 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021977 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 | |
| vmware | player | * | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 1.0.7 | |
| vmware | player | 1.0.8 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | player | 2.0.4 | |
| vmware | player | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 1.0.8 | |
| vmware | server | 2.0 | |
| vmware | workstation | * | |
| vmware | workstation | 1.0.1 | |
| vmware | workstation | 1.0.2 | |
| vmware | workstation | 1.0.4 | |
| vmware | workstation | 1.0.5 | |
| vmware | workstation | 1.1 | |
| vmware | workstation | 1.1.1 | |
| vmware | workstation | 1.1.2 | |
| vmware | workstation | 2.0 | |
| vmware | workstation | 2.0.1 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 5 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.2 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.5 | |
| vmware | workstation | 5.5.6 | |
| vmware | workstation | 5.5.7 | |
| vmware | workstation | 5.5.8 | |
| vmware | workstation | 6.0 | |
| vmware | workstation | 6.0.1 | |
| vmware | workstation | 6.0.2 | |
| vmware | workstation | 6.0.3 | |
| vmware | workstation | 6.0.4 | |
| vmware | workstation | 6.0.5 | |
| vmware | workstation | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1C154A-3869-4189-A781-D3071D54143F",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "462EEAD5-A78C-4381-847E-B6F1BE4CB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E666A5E4-4CDD-4915-B0F3-C63998D01846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EAA90-B24A-45E7-B99F-DA3554A16F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "446F2959-C42B-403B-AE1C-BA7D305C60CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "89699BB6-9E41-41DC-B597-B45CA05313A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D69FD9-F162-4623-A475-9FA7A3A6DF30",
"versionEndIncluding": "6.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBF029A-103D-4BB6-B037-25EC2224DF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D00C4D90-3697-4F3F-8FFF-FE63F3AD0DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35A717A5-60C2-4470-943E-CA53781D4B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FBC02-7F2F-4AEF-A5A3-E283D192937C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29AA2B37-BF5F-4AC5-844D-34CF56EC621C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07131E56-53EE-4CE1-A135-050792EA3C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86334051-8763-4CD9-9480-CAEAE756DFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66596F04-9C2E-4091-85A7-40239F3F920E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E831531-60FE-4DFC-994E-7409E6C69D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "37595A89-52C5-4699-A463-C9D91B91716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF51A7F-59DA-4F64-A4F7-3A250C950D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D75ED54E-8E55-48BF-A52E-19FCCE895C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B53297E3-0C74-421B-8058-DAF7357D421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEFCEF-F943-449B-91D8-A8CB290C7AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97957D6F-0249-4814-8755-5C4537B58E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4408849A-21F1-40F5-A528-0BD47E1BF823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9938CB4F-96D1-4852-9694-28A93E13AA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB61760-87FD-4E60-ADC6-407EFA13773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDE6D5-7131-421A-BABE-32F281615597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89AA4FEF-FF8F-4706-89BC-8396F7614EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows local users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3761."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un ioctl de hcmon.sys de VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE v2.5.1 y anteriores y VMware Server en sus versiones v1.0.x anteriores a v1.0.9 build 156507 y v2.0.x en sus versiones anteriores a v2.0.1 build 156745. Permite a usuarios locales provocar una denegaci\u00f3n de servicio (DOS) a trav\u00e9s de vectores de ataque desconocidos utilizando una vulnerabilidad distinta a la especificada en CVE-2008-3761."
}
],
"id": "CVE-2009-1146",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-06T15:30:04.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021977"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6310"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-26 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034 | ||
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
| cve@mitre.org | http://secunia.com/advisories/29117 | ||
| cve@mitre.org | http://securityreason.com/securityalert/3700 | ||
| cve@mitre.org | http://www.coresecurity.com/?action=item&id=2129 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/488725/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/27944 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1019493 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | ||
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | ||
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | ||
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | ||
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | ||
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0679 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/40837 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29117 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3700 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/?action=item&id=2129 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/488725/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1019493 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0679 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/40837 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.2 | |
| vmware | player | 1.0.4 | |
| vmware | vmware_player | 1.0.1_build_19317 | |
| vmware | vmware_player | 1.0.2 | |
| vmware | vmware_player | 1.0.3 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1_build_19317:*:*:*:*:*:*:*",
"matchCriteriaId": "7764D48A-2D43-413F-9214-AE754DDCF68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la caracter\u00edstica de Archivos Compartidos de VMWare ACE 1.0.2 y 2.0.2, Player 1.0.4 y 2.0.2, y Workstation 5.5.4 y 6.0.2 permite a usuarios de SO invitados leer y escribir archivos de su elecci\u00f3n en el SO anfitri\u00f3n a trav\u00e9s de una cadena multibyte que produce una cadena de caracteres ancha que contiene secuencias de .. (punto punto), lo que evita el mecanismo de protecci\u00f3n, como se demostr\u00f3 usando una cadena \"%c0%2e%c0%2e\"."
}
],
"id": "CVE-2008-0923",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-26T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29117"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3700"
},
{
"source": "cve@mitre.org",
"url": "http://www.coresecurity.com/?action=item\u0026id=2129"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27944"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019493"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0679"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.coresecurity.com/?action=item\u0026id=2129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-13 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000055.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/53634 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/502615/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34471 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1022031 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0006.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/49834 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000055.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/53634 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502615/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34471 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022031 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49834 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 | |
| vmware | esx | 3.0.2 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | fusion | * | |
| vmware | fusion | 1.0 | |
| vmware | fusion | 1.1 | |
| vmware | fusion | 1.1.1 | |
| vmware | fusion | 1.1.2 | |
| vmware | fusion | 1.1.3 | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | player | * | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 1.0.7 | |
| vmware | player | 1.0.8 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | player | 2.0.4 | |
| vmware | player | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 1.0.8 | |
| vmware | server | 1.0.9 | |
| vmware | server | 2.0 | |
| vmware | workstation | * | |
| vmware | workstation | 1.0.1 | |
| vmware | workstation | 1.0.2 | |
| vmware | workstation | 1.0.4 | |
| vmware | workstation | 1.0.5 | |
| vmware | workstation | 1.1 | |
| vmware | workstation | 1.1.1 | |
| vmware | workstation | 1.1.2 | |
| vmware | workstation | 2.0 | |
| vmware | workstation | 2.0.1 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 5 | |
| vmware | workstation | 5.0.0 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.0 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.2 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.5 | |
| vmware | workstation | 5.5.6 | |
| vmware | workstation | 5.5.7 | |
| vmware | workstation | 5.5.8 | |
| vmware | workstation | 6.0 | |
| vmware | workstation | 6.0.1 | |
| vmware | workstation | 6.0.2 | |
| vmware | workstation | 6.0.3 | |
| vmware | workstation | 6.0.4 | |
| vmware | workstation | 6.0.5 | |
| vmware | workstation | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78322B97-DBE0-4C7E-9826-11727254500E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BA4159-EBBA-4326-A672-23322377781B",
"versionEndIncluding": "2.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "942B4ED3-A68E-4106-A98B-FA7CD3505140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDA2CE1-E26E-4347-BD60-2764A19F5E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2B503A45-D9F3-414D-9BFA-C58B1E81A39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1C154A-3869-4189-A781-D3071D54143F",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "462EEAD5-A78C-4381-847E-B6F1BE4CB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E666A5E4-4CDD-4915-B0F3-C63998D01846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EAA90-B24A-45E7-B99F-DA3554A16F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "446F2959-C42B-403B-AE1C-BA7D305C60CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "89699BB6-9E41-41DC-B597-B45CA05313A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9D09AC-7D9B-4150-86BC-19F44F6F2CA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D69FD9-F162-4623-A475-9FA7A3A6DF30",
"versionEndIncluding": "6.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBF029A-103D-4BB6-B037-25EC2224DF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D00C4D90-3697-4F3F-8FFF-FE63F3AD0DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35A717A5-60C2-4470-943E-CA53781D4B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FBC02-7F2F-4AEF-A5A3-E283D192937C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29AA2B37-BF5F-4AC5-844D-34CF56EC621C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07131E56-53EE-4CE1-A135-050792EA3C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86334051-8763-4CD9-9480-CAEAE756DFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66596F04-9C2E-4091-85A7-40239F3F920E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E831531-60FE-4DFC-994E-7409E6C69D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "37595A89-52C5-4699-A463-C9D91B91716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53FBB074-4EAC-4CEC-AFC5-33C66B135F3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "525D50A3-2943-4B96-B354-F81F814A7707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF51A7F-59DA-4F64-A4F7-3A250C950D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D75ED54E-8E55-48BF-A52E-19FCCE895C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B53297E3-0C74-421B-8058-DAF7357D421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEFCEF-F943-449B-91D8-A8CB290C7AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97957D6F-0249-4814-8755-5C4537B58E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4408849A-21F1-40F5-A528-0BD47E1BF823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9938CB4F-96D1-4852-9694-28A93E13AA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB61760-87FD-4E60-ADC6-407EFA13773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDE6D5-7131-421A-BABE-32F281615597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89AA4FEF-FF8F-4706-89BC-8396F7614EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en la funci\u00f3n de pantalla de m\u00e1quina virtual de en VMware Workstation v6.5.1 y anteriores; VMware Player v2.5.1 y anteriores; VMware ACE v2.5.1 y anteriores; VMware Server v1.x antes de la v1.0.9 build 156507 y v2.x antes de v2.0.1 build 156745; VMware Fusion antes de la v2.0.4 build 159196; VMware ESXi 3.5 y VMware ESX v3.0.2, v3.0.3 y v3.5 permite ejecutar, a los usuarios invitados, c\u00f3digo arbitrario en el sistema operativo anfitri\u00f3n a trav\u00e9s de vectores desconocidos, una vulnerabilidad diferente a la CVE-2008-4916."
}
],
"id": "CVE-2009-1244",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-13T16:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53634"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34471"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022031"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| cve@mitre.org | http://www.iss.net/threats/275.html | Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/25729 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018717 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33101 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/threats/275.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25729 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018717 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33101 | VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| vmware | esx | 2.0.2 | |
| vmware | esx | 2.1.3 | |
| vmware | esx | 2.5.3 | |
| vmware | esx | 2.5.4 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE329FB-74A5-4D8C-B5D5-C6063CAAB479",
"versionEndExcluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "310A0A72-A709-407D-A68D-24EF59EEC553",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B87BD440-71B2-4D1C-B22A-A661D01928C0",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35A00737-2932-4877-8E02-1F9534C6FBAE",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02269212-A8EE-4BB2-8C6E-122953AAFB83",
"versionEndExcluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27920879-1408-4514-BA3F-B31DD69FACA2",
"versionEndExcluding": "5.5.5",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACA1016-EAC5-4210-ABDC-C2499F2841EA",
"versionEndExcluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "796BEFD3-F30A-4397-BC3E-1156DE47CA4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F768C-5549-4498-8C5D-13BC5046B721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01BB3005-A185-4701-945E-8E14A23A016F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers \"corrupt stack memory.\""
},
{
"lang": "es",
"value": "El servidor DHCP en EMC VMware Workstation anterior a 5.5.5 construcci\u00f3n 56455 y 6.x anterior a 6.0.1 construcci\u00f3n 55017, Player anterior a 1.0.5 construcci\u00f3n 56455 y Player 2 anterior a2.0.1 construcci\u00f3n 55017, ACE anterior a1.0.3 construcci\u00f3n 54075 y ACE 2 anterior a2.0.1 construcci\u00f3n 55017, y Server anterior a 1.0.4 construcci\u00f3n 56528 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3na trav\u00e9s de un paquete malformado que dispara \"corrupci\u00f3n de memoria basado en pila\"."
}
],
"id": "CVE-2007-0061",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33101"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\n",
"lastModified": "2008-06-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-08 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://lists.vmware.com/pipermail/security-announce/2009/000065.html | Patch | |
| cret@cert.org | http://secunia.com/advisories/34938 | Vendor Advisory | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/444513 | US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/archive/1/506286/100/0/threaded | ||
| cret@cert.org | http://www.securityfocus.com/bid/36290 | Patch | |
| cret@cert.org | http://www.vmware.com/security/advisories/VMSA-2009-0012.html | Patch, Vendor Advisory | |
| cret@cert.org | http://www.vupen.com/english/advisories/2009/2553 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000065.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34938 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/444513 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/506286/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36290 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0012.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2553 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | movie_decoder | 6.5.3 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | workstation | 6.5 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:movie_decoder:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CE79F3F7-A21A-4CAA-BB0D-2955299EE8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video content, which might allow remote attackers to execute arbitrary code via a crafted AVI file that triggers heap memory corruption."
},
{
"lang": "es",
"value": "El codec multimedia VMnc en vmnc.dll en VMware Movie Decoder anterior a v6.5.3 build 185404, VMware Workstation v6.5.x anterior a v6.5.3 build 185404, VMware Player v2.5.x anterior a v2.5.3 build 185404 y VMware ACE v2.5.x anterior a v2.5.3 build 185404 sobre Windows, no maneja adecuadamente determinados tama\u00f1os de altura en el contenido de video, lo que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo AVI manipulado que provocar\u00eda un corrupci\u00f3n de memoria."
}
],
"id": "CVE-2009-2628",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-08T22:30:00.483",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34938"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/444513"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36290"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/444513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2553"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | Exploit | |
| cve@mitre.org | http://www.securitytracker.com/id?1021974 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021974 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5.x before 6.5.2 build 156735, VMware Player 2.5.x before 2.5.2 build 156735, VMware ACE 2.5.x before 2.5.2 build 156735, and VMware Server 2.0.x before 2.0.1 build 156745 allows remote attackers to execute arbitrary code via a crafted web page or video file, aka ZDI-CAN-435."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en VNnc Codec en VMware Workstation v6.5.x anteriores a v6.5.2 build 156735, VMware Player v2.5.x anteriores a v2.5.2 build 156735, VMware ACE v2.5.x anteriores a v2.5.2 build 156735, y VMware Server v2.0.x anteriores a v2.0.1 build 156745 permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo a trav\u00e9s de p\u00e1ginas web manipuladas o archivos de v\u00eddeo, tambi\u00e9n conocida como ZDI-CVE-435."
}
],
"id": "CVE-2009-0909",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-06T15:30:04.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6251"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX de VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque remotos desconocidos, una vulnerabilidad diferente a CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, y CVE-2008-3696."
}
],
"id": "CVE-2008-3691",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-01 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/35269 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/503912/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/35141 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1022300 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0007.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/1452 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35269 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/503912/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35141 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1022300 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0007.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1452 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.3_build_54075 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.1_build_55017 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 | |
| vmware | esx | 3.0.2 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esxi | 3.5 | |
| vmware | fusion | * | |
| vmware | fusion | 2.0 | |
| vmware | player | * | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 1.0.7 | |
| vmware | player | 1.0.8 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | player | 2.0.4 | |
| vmware | player | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | server | * | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.1_build_29996 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.4_build_56528 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 2.0 | |
| vmware | workstation | * | |
| vmware | workstation | 1.0.1 | |
| vmware | workstation | 1.0.2 | |
| vmware | workstation | 1.0.4 | |
| vmware | workstation | 1.0.5 | |
| vmware | workstation | 1.1 | |
| vmware | workstation | 1.1.1 | |
| vmware | workstation | 1.1.2 | |
| vmware | workstation | 2.0 | |
| vmware | workstation | 2.0.1 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.1_build_5289 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 5 | |
| vmware | workstation | 5.0.0 | |
| vmware | workstation | 5.0.0_build_13124 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.0 | |
| vmware | workstation | 5.5.0_build_13124 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.1_build_19175 | |
| vmware | workstation | 5.5.2 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 5.5.5 | |
| vmware | workstation | 5.5.5_build_56455 | |
| vmware | workstation | 5.5.6 | |
| vmware | workstation | 5.5.7 | |
| vmware | workstation | 5.5.8 | |
| vmware | workstation | 6.0 | |
| vmware | workstation | 6.0.1 | |
| vmware | workstation | 6.0.1_build_55017 | |
| vmware | workstation | 6.0.2 | |
| vmware | workstation | 6.0.3 | |
| vmware | workstation | 6.0.4 | |
| vmware | workstation | 6.0.5 | |
| vmware | workstation | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B6602F-EF25-4E20-B4AA-955C026F7AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1_build_55017:*:*:*:*:*:*:*",
"matchCriteriaId": "9D438AB9-825C-4A9B-A3FF-55F2E5743B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78322B97-DBE0-4C7E-9826-11727254500E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4004A38A-01A6-41BE-84EB-1D7C7FAD0214",
"versionEndIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1C154A-3869-4189-A781-D3071D54143F",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "462EEAD5-A78C-4381-847E-B6F1BE4CB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E666A5E4-4CDD-4915-B0F3-C63998D01846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EAA90-B24A-45E7-B99F-DA3554A16F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "446F2959-C42B-403B-AE1C-BA7D305C60CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B24C0071-58F9-4971-951B-7AA12294F7D9",
"versionEndIncluding": "1.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
"matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:*",
"matchCriteriaId": "87489138-7756-453C-A149-F2C4F95EFF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D69FD9-F162-4623-A475-9FA7A3A6DF30",
"versionEndIncluding": "6.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBF029A-103D-4BB6-B037-25EC2224DF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D00C4D90-3697-4F3F-8FFF-FE63F3AD0DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35A717A5-60C2-4470-943E-CA53781D4B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FBC02-7F2F-4AEF-A5A3-E283D192937C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29AA2B37-BF5F-4AC5-844D-34CF56EC621C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07131E56-53EE-4CE1-A135-050792EA3C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86334051-8763-4CD9-9480-CAEAE756DFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66596F04-9C2E-4091-85A7-40239F3F920E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E831531-60FE-4DFC-994E-7409E6C69D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1_build_5289:*:*:*:*:*:*:*",
"matchCriteriaId": "25F1481E-A07D-4913-BCF3-630561F0FBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F9694-8556-4990-A867-592D6A927498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*",
"matchCriteriaId": "0C605123-69F9-44AC-A17E-3C728059E628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "37595A89-52C5-4699-A463-C9D91B91716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53FBB074-4EAC-4CEC-AFC5-33C66B135F3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "41B54C61-FB19-4900-A635-2F6B63BEC88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "525D50A3-2943-4B96-B354-F81F814A7707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BCB22F-7B9A-493B-AE19-18D0C15EA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*",
"matchCriteriaId": "33D6D4DD-13D2-4EA0-A7D7-367C3809ABAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF51A7F-59DA-4F64-A4F7-3A250C950D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:42958:*:*:*:*:*:*",
"matchCriteriaId": "559D2177-ECB9-4AFF-A8B4-BCB47A1B4637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D75ED54E-8E55-48BF-A52E-19FCCE895C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5_build_56455:*:*:*:*:*:*:*",
"matchCriteriaId": "B27D214D-2BEF-4445-802A-5E02E9E5E5CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B53297E3-0C74-421B-8058-DAF7357D421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEFCEF-F943-449B-91D8-A8CB290C7AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97957D6F-0249-4814-8755-5C4537B58E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4408849A-21F1-40F5-A528-0BD47E1BF823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1_build_55017:*:*:*:*:*:*:*",
"matchCriteriaId": "0692E537-A36E-470B-BECE-A17D531B925C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9938CB4F-96D1-4852-9694-28A93E13AA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB61760-87FD-4E60-ADC6-407EFA13773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDE6D5-7131-421A-BABE-32F281615597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89AA4FEF-FF8F-4706-89BC-8396F7614EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the VMware Descheduled Time Accounting driver in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745, VMware Fusion 2.x before 2.0.2 build 147997, VMware ESXi 3.5, and VMware ESX 3.0.2, 3.0.3, and 3.5, when the Descheduled Time Accounting Service is not running, allows guest OS users on Windows to cause a denial of service via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el controlador VMware Descheduled Time Accounting en VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE v2.5.1 y anteriores, VMware Server v1.x anteriores a v1.0.9 build 156507 y v2.x anteriores a v2.0.1 build 156745, VMware Fusion v2.x anteriores a v2.0.2 build 147997, VMware ESXi v3.5, y VMware ESX v3.0.2, v3.0.3, y v3.5, cuando el servicio Descheduled Time Accounting no se est\u00e1 ejecutando, permite a usuarios invitados del sistema operativo en Windows provocar una denegaci\u00f3n de servicio mediante vectores desconocidos."
}
],
"id": "CVE-2009-1805",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-01T19:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35269"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35141"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022300"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6130"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no espeficada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server before 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, y CVE-2008-3696."
}
],
"id": "CVE-2008-3693",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3755 | ||
| cve@mitre.org | http://securitytracker.com/id?1019623 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28276 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/28289 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0905/references | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41254 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3755 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019623 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/489739/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28289 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0005.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0905/references | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41254 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el servicio DHCP en VMware Workstation versiones 5.5.x anteriores a 5.5.6, VMware Player versiones 1.0.x anteriores a 1.0.6, VMware ACE versiones 1.0.x anteriores a 1.0.5, VMware Server versiones 1.0.x anteriores a 1.0.5, y VMware Fusion versiones 1.1.x anteriores a 1.1.1 permite a atacantes provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2008-1364",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-03-20T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019623"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41254"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\n",
"lastModified": "2008-06-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, y VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, y CVE-2008-3696."
}
],
"id": "CVE-2008-3692",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=227135 | ||
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | ||
| cve@mitre.org | http://secunia.com/advisories/26890 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31396 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34263 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200808-05.xml | ||
| cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0041 | ||
| cve@mitre.org | http://www.iss.net/threats/275.html | Patch | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2009:153 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/501759/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/25729 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1018717 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | ||
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=339561 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33102 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=227135 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31396 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34263 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200808-05.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/threats/275.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:153 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/501759/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25729 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018717 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=339561 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33102 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0.3 | |
| vmware | ace | 2.0 | |
| vmware | player | 1.0.4 | |
| vmware | player | 2.0 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 5.5.0_build_13124 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.1_build_19175 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BCB22F-7B9A-493B-AE19-18D0C15EA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*",
"matchCriteriaId": "33D6D4DD-13D2-4EA0-A7D7-367C3809ABAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients."
},
{
"lang": "es",
"value": "Un desbordamiento enteros en el dhcpd ISC versi\u00f3n 3.0.x anterior a 3.0.7 y versi\u00f3n 3.1.x anterior a 3.1.1; y el servidor DHCP en EMC VMware Workstation anterior a versi\u00f3n 5.5.5 Build 56455 y versi\u00f3n 6.x anterior a 6.0.1 Build 55017, Player anterior a versi\u00f3n 1.0.5 Build 56455 y Player 2 anterior a versi\u00f3n 2.0.1 Build 55017, ACE anterior a versi\u00f3n 1.0.3 Build 54075 y ACE 2 anterior a versi\u00f3n 2.0.1 Build 55017, y Server versi\u00f3n 1.0.4 56528; permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) o ejecutar c\u00f3digo arbitrario por medio de un paquete DHCP con formato inapropiado con un gran tama\u00f1o de mensaje m\u00e1ximo dhcp que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, relacionado con servidores configurados para enviar muchas opciones DHCP a clientes."
}
],
"id": "CVE-2007-0062",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31396"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34263"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=227135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501759/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=339561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33102"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1, 3, 4, or 5:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062\n",
"lastModified": "2008-06-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1021975 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021975 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
"versionEndIncluding": "2.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la implementaci\u00f3n de la carpeta en VMware Host Guest File System (HGFS) caracter\u00edstica de carpeta compartida en VMware ACE v2.5.1 y anteriores que permiten a lo atacantes deshabilitar las carpetas compartidas."
}
],
"id": "CVE-2009-0908",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-06T15:30:04.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021975"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6399"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39198 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023832 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023833 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39198 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023832 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023833 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| microsoft | windows | * | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| microsoft | windows | * | |
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| microsoft | windows | * | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| microsoft | windows | * | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | fusion | 3.0 | |
| microsoft | windows | * | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| microsoft | windows | * | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| microsoft | windows | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7268F-A170-4366-9196-E73A956883DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B037838B-072E-4676-9E5D-86F5BC207512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share."
},
{
"lang": "es",
"value": "VMware Tools en VMware Workstation v6.5.x before v6.5.4 build v246459; VMware Player v2.5.x anterior a v2.5.4 build 246459; VMware ACE v2.5.x anterior a v2.5.4 build 246459; VMware Server v2.x anterior a v2.0.2 build 203138; VMware Fusion v2.x anterior a v2.0.6 build 246742; VMware ESXi v3.5 y v4.0; y VMware ESX 2.5.5, 3.0.3, 3.5, y 4.0 no accede adecuadamente a las bibliotecas de acceso, lo cual permite a atacantes remotos ayudados por usuarios ejecutar c\u00f3digo a su elecci\u00f3n al enga\u00f1ar a un usuario en un cliente Windows OS a hacer clic en un archivo que se almacena en un recurso compartido de red."
}
],
"id": "CVE-2010-1141",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-12T18:30:00.663",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39198"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-05 20:32
Modified
2025-04-09 00:30
Severity ?
Summary
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 | ||
| cve@mitre.org | http://secunia.com/advisories/30556 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securityreason.com/securityalert/3922 | ||
| cve@mitre.org | http://securitytracker.com/id?1020197 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/493080/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/493148/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/493172/100/0/threaded | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/1744 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30556 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/3922 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1020197 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493080/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493148/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/493172/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0009.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/1744 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.4 | |
| vmware | esx_server | 2.5.5 | |
| vmware | player | 1.0.4 | |
| vmware | server | 1.0.3 | |
| vmware | vmware_player | 1.0.0 | |
| vmware | vmware_player | 1.0.1 | |
| vmware | vmware_player | 1.0.2 | |
| vmware | vmware_player | 1.0.3 | |
| vmware | vmware_player | 1.0.5 | |
| vmware | vmware_server | 1.0.0 | |
| vmware | vmware_server | 1.0.1 | |
| vmware | vmware_server | 1.0.2 | |
| vmware | vmware_server | 1.0.4 | |
| vmware | vmware_workstation | 5.5.0 | |
| vmware | vmware_workstation | 5.5.2 | |
| vmware | vmware_workstation | 5.5.5 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.4 | |
| vmware | esx | 2.5.4 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| vmware | esx | 3.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADCA876-2B69-4267-8467-E7E470428D32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9565E5-042E-4C62-A7C7-54808B15F0BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
},
{
"lang": "es",
"value": "HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia \\\\.\\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elecci\u00f3n en el n\u00facleo de la memoria del sistema huesped y as\u00ed obtener privilegios."
}
],
"id": "CVE-2007-5671",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-05T20:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020197"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | ||
| cve@mitre.org | http://seclists.org/fulldisclosure/2009/Apr/0036.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/34373 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1021976 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0944 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000054.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2009/Apr/0036.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34373 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0005.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0944 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | 1.0 | |
| vmware | ace | 1.0.0 | |
| vmware | ace | 1.0.1 | |
| vmware | ace | 1.0.2 | |
| vmware | ace | 1.0.3 | |
| vmware | ace | 1.0.3_build_54075 | |
| vmware | ace | 1.0.4 | |
| vmware | ace | 1.0.5 | |
| vmware | ace | 1.0.6 | |
| vmware | ace | 1.0.7 | |
| vmware | ace | 2.0 | |
| vmware | ace | 2.0.1 | |
| vmware | ace | 2.0.1_build_55017 | |
| vmware | ace | 2.0.2 | |
| vmware | ace | 2.0.3 | |
| vmware | ace | 2.0.4 | |
| vmware | ace | 2.0.5 | |
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | workstation | 1.0.1 | |
| vmware | workstation | 1.0.2 | |
| vmware | workstation | 1.0.4 | |
| vmware | workstation | 1.0.5 | |
| vmware | workstation | 1.1 | |
| vmware | workstation | 1.1.1 | |
| vmware | workstation | 1.1.2 | |
| vmware | workstation | 2.0 | |
| vmware | workstation | 2.0.1 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.1_build_5289 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 5 | |
| vmware | workstation | 5.0.0_build_13124 | |
| vmware | workstation | 5.5 | |
| vmware | workstation | 5.5.0_build_13124 | |
| vmware | workstation | 5.5.1 | |
| vmware | workstation | 5.5.1_build_19175 | |
| vmware | workstation | 5.5.2 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.3 | |
| vmware | workstation | 5.5.3_build_34685 | |
| vmware | workstation | 5.5.3_build_42958 | |
| vmware | workstation | 5.5.4 | |
| vmware | workstation | 5.5.4_build_44386 | |
| vmware | workstation | 5.5.5 | |
| vmware | workstation | 5.5.5_build_56455 | |
| vmware | workstation | 5.5.6 | |
| vmware | workstation | 5.5.7 | |
| vmware | workstation | 5.5.8 | |
| vmware | workstation | 6.0 | |
| vmware | workstation | 6.0.1 | |
| vmware | workstation | 6.0.1_build_55017 | |
| vmware | workstation | 6.0.2 | |
| vmware | workstation | 6.0.3 | |
| vmware | workstation | 6.0.4 | |
| vmware | workstation | 6.0.5 | |
| vmware | workstation | 6.5 | |
| vmware | workstation | 6.5.1 | |
| vmware | player | 1.0.0 | |
| vmware | player | 1.0.1 | |
| vmware | player | 1.0.2 | |
| vmware | player | 1.0.3 | |
| vmware | player | 1.0.4 | |
| vmware | player | 1.0.5 | |
| vmware | player | 1.0.6 | |
| vmware | player | 1.0.7 | |
| vmware | player | 1.0.8 | |
| vmware | player | 2.0 | |
| vmware | player | 2.0.1 | |
| vmware | player | 2.0.2 | |
| vmware | player | 2.0.3 | |
| vmware | player | 2.0.4 | |
| vmware | player | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | server | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A1A5C22-A89A-4B6B-9108-8C3678BBBC9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B6602F-EF25-4E20-B4AA-955C026F7AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.1_build_55017:*:*:*:*:*:*:*",
"matchCriteriaId": "9D438AB9-825C-4A9B-A3FF-55F2E5743B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFBF029A-103D-4BB6-B037-25EC2224DF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D00C4D90-3697-4F3F-8FFF-FE63F3AD0DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35A717A5-60C2-4470-943E-CA53781D4B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8FBC02-7F2F-4AEF-A5A3-E283D192937C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29AA2B37-BF5F-4AC5-844D-34CF56EC621C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07131E56-53EE-4CE1-A135-050792EA3C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86334051-8763-4CD9-9480-CAEAE756DFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66596F04-9C2E-4091-85A7-40239F3F920E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E831531-60FE-4DFC-994E-7409E6C69D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1_build_5289:*:*:*:*:*:*:*",
"matchCriteriaId": "25F1481E-A07D-4913-BCF3-630561F0FBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F9694-8556-4990-A867-592D6A927498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*",
"matchCriteriaId": "0C605123-69F9-44AC-A17E-3C728059E628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5:*:*:*:*:*:*:*",
"matchCriteriaId": "37595A89-52C5-4699-A463-C9D91B91716B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "41B54C61-FB19-4900-A635-2F6B63BEC88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "B4BCB22F-7B9A-493B-AE19-18D0C15EA778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*",
"matchCriteriaId": "33D6D4DD-13D2-4EA0-A7D7-367C3809ABAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF51A7F-59DA-4F64-A4F7-3A250C950D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:42958:*:*:*:*:*:*",
"matchCriteriaId": "559D2177-ECB9-4AFF-A8B4-BCB47A1B4637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
"matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEAB605-03F6-4968-8A48-126C7C711043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2ADE72-4F19-4E73-AC3E-7038FE0D38B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D75ED54E-8E55-48BF-A52E-19FCCE895C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.5_build_56455:*:*:*:*:*:*:*",
"matchCriteriaId": "B27D214D-2BEF-4445-802A-5E02E9E5E5CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B53297E3-0C74-421B-8058-DAF7357D421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDEFCEF-F943-449B-91D8-A8CB290C7AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "97957D6F-0249-4814-8755-5C4537B58E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4408849A-21F1-40F5-A528-0BD47E1BF823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.1_build_55017:*:*:*:*:*:*:*",
"matchCriteriaId": "0692E537-A36E-470B-BECE-A17D531B925C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9938CB4F-96D1-4852-9694-28A93E13AA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB61760-87FD-4E60-ADC6-407EFA13773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBDE6D5-7131-421A-BABE-32F281615597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "89AA4FEF-FF8F-4706-89BC-8396F7614EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC6B629-30B3-4C45-B5E9-1B4310F186FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC68CA-DCA3-4399-807D-E7AC67C9C3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B13A58-1876-4322-AC25-107D43BABD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D04A928-4421-4BEE-9500-7398E4DB929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "088450C4-9C6F-4651-8D59-C36F1B0601BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA35C066-90A9-4DE2-A97A-38A6CFC59A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "462EEAD5-A78C-4381-847E-B6F1BE4CB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E666A5E4-4CDD-4915-B0F3-C63998D01846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7AD12A-26C9-48AD-A32A-0F56545DF8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "73C45BB0-C0DB-42B8-A238-B81D836CF91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "297226F7-05CB-4721-9D02-51FE2919D2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D3F9D4D-2116-49A7-9292-AF6B4456E175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2EAA90-B24A-45E7-B99F-DA3554A16F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "446F2959-C42B-403B-AE1C-BA7D305C60CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allows local users to gain privileges via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el archivo vmci.sys en la Virtual Machine Communication Interface (VMCI) en VMware Workstation v6.5.1 y anteriores, VMware Player v2.5.1 y anteriores, VMware ACE 2.5.1 y anteriores, y VMware Server v2.0.x anteriores a v2.0.1 build 156745 permite a los usuarios locales obtener privilegios a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-1147",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-06T15:30:04.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021976"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/29503 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/43062 | VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/6345 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29503 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/43062 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/6345 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en un cierto control ActiveX en el COM API de VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a 1.0.7 build 108231 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del navegador) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una llamada al m\u00e9todo GuestInfo en el cual hay un argumento de cadena largo, y un asignamiento de un valor de cadena largo al resultado de esa llamada.\r\nNOTA: esto puede superponerse a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, o CVE-2008-3696."
}
],
"id": "CVE-2008-3892",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29503"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/6345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/29503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/6345"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, y CVE-2008-3695."
}
],
"id": "CVE-2008-3696",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B6602F-EF25-4E20-B4AA-955C026F7AD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of \"images stored in virtual machines downloaded by the user.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en EMC VMware ACE anterior a 1.0.3 Build 54075 permite a los atacantes tener in impacto desconocido mediante una manipulaci\u00f3n no especificada de \"im\u00e1genes almacenadas en m\u00e1quinas virtuales descargadas por el usuario\"."
}
],
"id": "CVE-2007-5025",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-27 15:30
Modified
2025-04-11 00:51
Severity ?
Summary
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://freetexthost.com/qr1tffkzpu | Exploit, URL Repurposed | |
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html | Exploit | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/36630 | Exploit | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://freetexthost.com/qr1tffkzpu | Exploit, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36630 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| vmware | ace | 2.5.4 | |
| vmware | ace | 2.6 | |
| vmware | ace | 2.6.1 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| vmware | player | 2.5.4 | |
| vmware | player | 3.0 | |
| vmware | player | 3.0.1 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| vmware | workstation | 6.5.4 | |
| vmware | workstation | 7.0 | |
| vmware | workstation | 7.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB84B42-8C68-4B65-93F9-287B699B7540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3997440A-B731-4F26-A90B-BB14A8F93E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656039E8-8082-4208-B046-518D95769B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A115959-9CDA-45ED-9002-BA1A31074E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3684F0D0-B8BE-442B-AA27-0A485E6BFFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34F436D4-B7B7-43CB-A2BD-C5E791F7E3C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \\x25\\x90 sequence in the USER and PASS commands, a related issue to CVE-2009-3707. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "VMware Authentication Daemon 1.0 en vmware-authd.exe en VMware Authorization Service en VMware Workstation 7.0 en versiones anteriores a la 7.0.1 build 227600 y 6.5.x en versiones anteriores a la 6.5.4 build 246459, VMware Player 3.0 en versiones anteriores a la 3.0.1 build 227600 y 2.5.x en versiones anteriores a la 2.5.4 build 246459, VMware ACE 2.6 en versiones anteriores a la 2.6.1 build 227600 y 2.5.x en versiones anteriores a la 2.5.4 build 246459 y VMware Server 2.x permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso) mediante una secuencia \\x25\\x90 en los comandos USER y PASS, un problema relacionado con CVE-2009-3707. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2009-4811",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-27T15:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://freetexthost.com/qr1tffkzpu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://pocoftheday.blogspot.com/2009/10/vmware-server-20x-remote-dos-exploit.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://osvdb.org/63607 | ||
| cve@mitre.org | http://secunia.com/advisories/39203 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39206 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39215 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://www.securityfocus.com/bid/39395 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1023836 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/63607 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39203 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39215 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/39395 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1023836 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | workstation | 7.0 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 | |
| vmware | workstation | 6.5.3 | |
| microsoft | windows | * | |
| vmware | player | 3.0 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | player | 2.5.3 | |
| microsoft | windows | * | |
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | ace | 2.5.3 | |
| vmware | ace | 2.6 | |
| vmware | server | 2.0.0 | |
| vmware | server | 2.0.1 | |
| vmware | server | 2.0.2 | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | fusion | 2.0.6 | |
| vmware | fusion | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B53C0A-5A0C-4168-8AD3-F3E957AE8919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "949C3917-4D7E-4B51-A872-BFBECB4D2CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA2A03-0A31-4290-987A-BE715758BA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E565F23-AEEE-41A4-80EC-01961AD5560E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C47EB8-8844-4D49-9246-008F7AE45C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7268F-A170-4366-9196-E73A956883DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process."
},
{
"lang": "es",
"value": "La pila de la red virtual en VMware Workstation v7.0 anteriores a v7.0.1 build 227600, VMware Workstation v6.5.x anteriores a v6.5.4 build 246459 en Windows, VMware Player v3.0 anteriores a v3.0.1 build 227600, VMware Player v2.5.x anteriores a v2.5.4 build 246459 en Windows, VMware ACE v2.6 anteriores a v2.6.1 build 227600 y v2.5.x anteriores a v2.5.4 build 246459, VMware Server v2.x, y VMware Fusion v3.0 anteriores a v3.0.1 build 232708 y v2.x anteriores a v2.0.7 build 246742 permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria en el sistema operativo anfitri\u00f3n mediante el examen de los paquetes de red recibidos, relacionado con la interacci\u00f3n entre el sistema operativo invitado y el proceso vmware-vx anfitri\u00f3n."
}
],
"id": "CVE-2010-1138",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-12T18:30:00.553",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/63607"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39203"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39395"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023836"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/63607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023836"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31708 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31709 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31710 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30934 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020791 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en un cierto control ActiveX en VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a 1.0.7 build 108231 tiene un impacto y vectores de ataque desconocidos, una vulnerabilidad diferente a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, y CVE-2008-3696."
}
],
"id": "CVE-2008-3694",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1020791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-21 20:03
Modified
2025-04-03 01:03
Severity ?
Summary
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html | Exploit | |
| cve@mitre.org | http://secunia.com/advisories/18162 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/18344 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/282 | ||
| cve@mitre.org | http://securityreason.com/securityalert/289 | ||
| cve@mitre.org | http://securitytracker.com/id?1015401 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/856689 | US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/419997/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/420017/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/15998 | Patch | |
| cve@mitre.org | http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000 | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/3013 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18162 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18344 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/282 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/289 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1015401 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856689 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/419997/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/420017/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15998 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/3013 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 1.0 | |
| vmware | gsx_server | 2.0 | |
| vmware | gsx_server | 2.0.1_build_2129 | |
| vmware | gsx_server | 2.5.1 | |
| vmware | gsx_server | 2.5.1_build_5336 | |
| vmware | gsx_server | 2.5.2 | |
| vmware | gsx_server | 3.0 | |
| vmware | gsx_server | 3.0_build_7592 | |
| vmware | gsx_server | 3.1 | |
| vmware | gsx_server | 3.2 | |
| vmware | player | 1.0.0 | |
| vmware | workstation | 3.2.1 | |
| vmware | workstation | 3.4 | |
| vmware | workstation | 4.0 | |
| vmware | workstation | 4.0.1 | |
| vmware | workstation | 4.0.2 | |
| vmware | workstation | 4.5.2 | |
| vmware | workstation | 4.5.2_build_8848 | |
| vmware | workstation | 5.0.0_build_13124 | |
| vmware | workstation | 5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05CC5F49-0E9E-45D8-827D-A5940566DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.0.1_build_2129:*:*:*:*:*:*:*",
"matchCriteriaId": "5D94EE19-6CE9-4E02-8174-D9954CDBF02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E4BEE3-AE7B-4481-B724-2E644E18ACC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.1_build_5336:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAB7052-E0B6-472E-920B-A0F0AEA25D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4088851B-C42B-4B3C-B548-68A026C2BC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1E0FF6-89A3-4530-A6B5-D9951C951209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:3.0_build_7592:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE38F15-BD42-4171-8670-86AA8169A60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "944FE3AE-C500-4891-BC05-3F1E3417FF68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:gsx_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "111932A6-B0ED-4A79-A533-AEA984DB6A90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E76D03A3-DB55-48A2-B5A5-64002D28B95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.2.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "4C1A275E-2152-4A37-8CFE-34E8900E3426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A688A2-3E9C-4AA3-832B-300A5A311C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89098CFF-4696-4BD9-9BC9-D7C2D92FE729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DFFE7-EB73-4A88-A23B-9B386C091314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6C230D-7BAA-4A77-9E96-B1B994F4AAC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:4.5.2_build_8848:r4:*:*:*:*:*:*",
"matchCriteriaId": "0C605123-69F9-44AC-A17E-3C728059E628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*",
"matchCriteriaId": "41B54C61-FB19-4900-A635-2F6B63BEC88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3CF9F67-DE1A-4CB0-B3AB-B28DC8C02C4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands."
}
],
"id": "CVE-2005-4459",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-21T20:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18162"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18344"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/282"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/289"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015401"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856689"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15998"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/3013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040442.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419997/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/420017/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/15998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/3013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/25731 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018718 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25731 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018718 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A98FBF6-45D0-48BC-8E24-8C7F136F53AB",
"versionEndIncluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4028C2-4A8A-41E3-9B58-5E48CEFC7F99",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF86A1B-FC17-4CB4-9F3C-726491C117BB",
"versionEndIncluding": "1.0.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA625B0B-2837-4B5A-9B36-FC77CF0748AC",
"versionEndIncluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "574C5392-7607-4F34-A661-CF618AA52BC4",
"versionEndIncluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F4F51-A9B8-4CA9-AE2C-458E61DB9D47",
"versionEndIncluding": "5.5.5",
"versionStartIncluding": "5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40975D44-E804-4A1C-9577-18D7DE1051E5",
"versionEndIncluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en EMC VMware Workstation anterior a 5.5.5 Build 56455 y 6.x anterior a 6.0.1 Build 55017, Player anterior a 1.0.5 Build 56455 y Player 2 anterior a 2.0.1 Build 55017, ACE anterior a 1.0.3 Bui9ld 54075 y ACE 2 anterior a 2.0.1 Build 55017, y Server anterior a 1.0.4 Build 56528 permite a usuarios con acceso a un sistema operativo invitado (guest) provocar una denegaci\u00f3n de servicio (cuelgue total del sistema invitado y ca\u00edda o cuelgue del proceso anfitri\u00f3n) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2007-4497",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25731"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018718"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-03 14:12
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1020790 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/30936 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/44795 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31707 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/4202 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1020790 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/495869/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/30936 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0014.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2466 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/44795 | VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799650A4-BD6F-40EF-889B-6ED50E05CCA8",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E196532F-3B8D-4DAB-9DBA-FE204D3A07A9",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B553A95A-C3D3-4A01-80D6-2F656BA26BF3",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CD1D7B-2D6F-4D48-8276-5C3285FF7B3E",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BF4289-F9A3-49B8-9641-9F7B0A02F3E9",
"versionEndExcluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A47F4F7-B457-4F5B-B719-7A5741595456",
"versionEndExcluding": "5.5.8",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69FA6-E75A-4EDB-BD6C-41B560AABBC0",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la funci\u00f3n OpenProcess de VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a 1.0.7 build 108231 en Windows permite a usuarios locales del SO anfitri\u00f3n conseguir privilegios en el SO anfitri\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-3698",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-03T14:12:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020790"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30936"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/31707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/4202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1020790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/30936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44795"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-12 18:30
Modified
2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | Broken Link | |
| cve@mitre.org | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | Broken Link | |
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39110 | Not Applicable | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000090.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39110 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2010-0007.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2579A3BF-B7C0-4052-8D6A-31E872ECD2B6",
"versionEndExcluding": "2.5.4",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E87681DB-CBD8-46A6-BD9A-FB621B627B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B66157E4-285D-4975-BED8-9A52326F2100",
"versionEndExcluding": "2.5.4",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F747AC1-E163-41A4-BAC7-FDF46F4057D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9554F5-950A-422F-BC26-80C1BCCDD792",
"versionEndIncluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "662DDDC1-E5A9-4D11-BC2E-66E05FBEB5AB",
"versionEndExcluding": "6.5.4",
"versionStartIncluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB33DBC9-3B63-457E-A353-B9E7378211AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en vmware-vmrc.exe build 158248 en VMware Remote Console (tambi\u00e9n conocido como VMrc) permite a atacantes remotos jcutar codigo arbitrario a trav\u00e9s de vectores inespec\u00edficos."
}
],
"id": "CVE-2009-3732",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-12T18:30:00.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/39110"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/39110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-21 19:17
Modified
2025-04-09 00:30
Severity ?
Summary
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/26890 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27694 | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27706 | Third Party Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| cve@mitre.org | http://www.iss.net/threats/275.html | Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/25729 | Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id?1018717 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/33103 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26890 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27694 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27706 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200711-23.xml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/threats/275.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25729 | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018717 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-543-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace/doc/releasenotes_ace.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player/doc/releasenotes_player.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/player2/doc/releasenotes_player2.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/server/doc/releasenotes_server.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3229 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/33103 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | * | |
| vmware | ace | * | |
| vmware | player | * | |
| vmware | player | * | |
| vmware | server | * | |
| vmware | workstation | * | |
| vmware | workstation | * | |
| vmware | esx | 2.0.2 | |
| vmware | esx | 2.1.3 | |
| vmware | esx | 2.5.3 | |
| vmware | esx | 2.5.4 | |
| vmware | esx | 3.0.0 | |
| vmware | esx | 3.0.1 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 6.10 | |
| canonical | ubuntu_linux | 7.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE329FB-74A5-4D8C-B5D5-C6063CAAB479",
"versionEndExcluding": "1.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "310A0A72-A709-407D-A68D-24EF59EEC553",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B87BD440-71B2-4D1C-B22A-A661D01928C0",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35A00737-2932-4877-8E02-1F9534C6FBAE",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02269212-A8EE-4BB2-8C6E-122953AAFB83",
"versionEndExcluding": "1.0.4",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27920879-1408-4514-BA3F-B31DD69FACA2",
"versionEndExcluding": "5.5.5",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACA1016-EAC5-4210-ABDC-C2499F2841EA",
"versionEndExcluding": "6.0.1",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "796BEFD3-F30A-4397-BC3E-1156DE47CA4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F768C-5549-4498-8C5D-13BC5046B721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01BB3005-A185-4701-945E-8E14A23A016F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento inferior de entero en el servidor DHCP de EMC VMware Workstation anterior a 5.5.5 Build 56455 y 5.x anterior a 6.0.1 Build 55017, Player anterior a 1.0.5 Build 56455 y Player 2 anterior a 2.0.1 Build 55017, ACE anterior a 1.0.3 Build 54075 y ACE 2 anterior a 2.0.1 Build 55017, y Server anterior a 1.0.4 Build 56527 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete DHCP mal formado que dispara un desbordamiento de b\u00fafer basado en pila."
}
],
"id": "CVE-2007-0063",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-21T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/26890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/27706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.iss.net/threats/275.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1018717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-543-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33103"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue is the same as CVE-2007-5365. The affected dhcp versions were fixed via: https://rhn.redhat.com/errata/RHSA-2007-0970.html\n",
"lastModified": "2008-06-03T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-02 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.vmware.com/pipermail/security-announce/2009/000069.html | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/37172 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| cve@mitre.org | http://securitytracker.com/id?1023082 | ||
| cve@mitre.org | http://securitytracker.com/id?1023083 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/507523/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/507539/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/36841 | Exploit | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0015.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/3062 | Vendor Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2009/000069.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37172 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201209-25.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023082 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023083 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507523/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507539/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36841 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0015.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3062 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace | 2.5.0 | |
| vmware | ace | 2.5.1 | |
| vmware | ace | 2.5.2 | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| vmware | fusion | 2.0 | |
| vmware | fusion | 2.0.1 | |
| vmware | fusion | 2.0.2 | |
| vmware | fusion | 2.0.3 | |
| vmware | fusion | 2.0.4 | |
| vmware | fusion | 2.0.5 | |
| vmware | player | 2.5 | |
| vmware | player | 2.5.1 | |
| vmware | player | 2.5.2 | |
| vmware | server | 1.0 | |
| vmware | server | 1.0.1 | |
| vmware | server | 1.0.2 | |
| vmware | server | 1.0.3 | |
| vmware | server | 1.0.4 | |
| vmware | server | 1.0.5 | |
| vmware | server | 1.0.6 | |
| vmware | server | 1.0.7 | |
| vmware | server | 1.0.8 | |
| vmware | server | 1.0.9 | |
| vmware | server | 2.0 | |
| vmware | server | 2.0 | |
| vmware | server | 2.0.1 | |
| vmware | workstation | 6.5.0 | |
| vmware | workstation | 6.5.1 | |
| vmware | workstation | 6.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5674C3DD-F510-4701-ACA8-437576307528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62960B2-91AE-4DD7-8085-9BA6BCB84473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B037838B-072E-4676-9E5D-86F5BC207512",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6F7416-E694-4EC9-9FE5-0C24448ECB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5ECA1B-7415-4390-8018-670F2C3CDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "889DE9BE-886F-4BEF-A794-5B5DE73D2322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDAA7C8-8F2F-4037-A517-2C1EDB70B203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E18541B-36B6-40A7-9749-FA47A10379C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55EBD95F-3DF7-49F3-A7AA-47085E0B7C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DA47C9-3D1A-49A7-8976-AE05D6730673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "692CC131-5C6C-4AD6-B85C-07DF21168BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "617EFBFF-D047-4A0B-ACB6-83B27710F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D0DF91-17E8-45D4-B625-737FE50C23CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE944A70-CB9C-4712-9802-509531396A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252D2C0B-B89A-4C89-8D6B-6A8E58FCD8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62DA49FA-6657-45B5-BF69-D3A03BA62A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73EC33AB-E92A-4AA8-A523-C341133BB515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53197903-0614-4460-8944-C1B5257D71A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F037B05F-6F92-4BE1-B672-F677CBEFD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BFEAE8-0118-4548-A6EA-E90FA8FE7AF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42049891-38B7-4BB7-8DA5-A87169E2D958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07139DF7-C36B-4FED-8558-7FA49BE0BCFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0D7307-5946-45DC-88D3-6BC72EF50184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "89699BB6-9E41-41DC-B597-B45CA05313A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9D09AC-7D9B-4150-86BC-19F44F6F2CA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2786E370-6108-4695-B0A8-9F19D8E3C0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C2AAA6D-A31D-43A7-AB2F-FBF9815A9745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CFDD84-A482-42C2-B43F-839F4D7F1130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8F3BFF-676B-4E2C-98BA-DCA71E49060F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E658DA-56E8-49F0-B486-4EF622B63627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "541D77A2-99C5-4CDB-877F-7E83E1E3369E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the guest OS by specifying a crafted value for the cs register."
},
{
"lang": "es",
"value": "VMware Workstation v6.5.x anteriores a v6.5.3 build 185404, VMware Player v2.5.x anteriores a v2.5.3 build 185404, VMware ACE v2.5.x anteriores a v2.5.3 build 185404, VMware Server v1.x anteriores a v1.0.10 build 203137 and v2.x anteriores a v2.0.2 build 203138, VMware Fusion v2.x anteriores a v2.0.6 build 196839, VMware ESXi v3.5 y v4.0, y VMware ESX v2.5.5, v3.0.3, v3.5 y v4.0, cuando el modo Virtual-8086 es usado, no asigna adecuadamente el c\u00f3digo de excepci\u00f3n para una excepci\u00f3n de fallo de p\u00e1gina (tambi\u00e9n conocido como #PF), lo que permite a usuarios del SO anfitri\u00f3n obtener privilegios en el SO anfitri\u00f3n especificando un valor modificado para el registro cs."
}
],
"id": "CVE-2009-2267",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-11-02T15:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37172"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023082"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023083"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36841"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507523/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507539/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/36841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8473"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}