Vulnerabilites related to vmware - vmware_player
Vulnerability from fkie_nvd
Published
2009-01-20 16:00
Modified
2024-11-21 00:59
Severity ?
Summary
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
References
cve@mitre.orghttp://lists.vmware.com/pipermail/security-announce/2009/000054.htmlPatch
cve@mitre.orghttp://osvdb.org/51180
cve@mitre.orghttp://seclists.org/fulldisclosure/2009/Apr/0036.htmlPatch
cve@mitre.orghttp://secunia.com/advisories/33372Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/34601Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/34373Exploit
cve@mitre.orghttp://www.securitytracker.com/id?1021512
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2009-0005.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0024Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0944Vendor Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433
cve@mitre.orghttps://www.exploit-db.com/exploits/7647
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2009/000054.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/51180
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2009/Apr/0036.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33372Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34601Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34373Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021512
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2009-0005.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0024Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0944Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/7647
Impacted products
Vendor Product Version
vmware ace *
vmware ace 2.5.0
vmware fusion *
vmware server 2.0.0
vmware vmware_player *
vmware vmware_player 1.0.0
vmware vmware_player 1.0.1
vmware vmware_player 1.0.2
vmware vmware_player 1.0.3
vmware vmware_player 1.0.4
vmware vmware_player 1.0.6
vmware vmware_player 1.0.7
vmware vmware_player 1.0.8
vmware vmware_player 1.0.9
vmware vmware_player 1.05
vmware vmware_player 2.0
vmware vmware_player 2.0.1
vmware vmware_player 2.0.2
vmware vmware_player 2.0.3
vmware vmware_player 2.0.4
vmware vmware_player 2.0.5
vmware vmware_player 2.5
vmware vmware_workstation *
vmware vmware_workstation 4.5.3
vmware vmware_workstation 5.0
vmware vmware_workstation 5.5.0
vmware vmware_workstation 5.5.1
vmware vmware_workstation 5.5.2
vmware vmware_workstation 5.5.3
vmware vmware_workstation 5.5.4
vmware vmware_workstation 5.5.5
vmware vmware_workstation 5.5.6
vmware vmware_workstation 5.5.7
vmware vmware_workstation 5.5.8
vmware vmware_workstation 6.0
vmware vmware_workstation 6.0.1
vmware vmware_workstation 6.0.2
vmware vmware_workstation 6.0.3
vmware vmware_workstation 6.0.4
vmware vmware_workstation 6.0.5
vmware vmware_workstation 6.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D249F86-E463-4AB1-BEEE-0828D5A2D761",
              "versionEndIncluding": "2.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71537AE-346D-4BA9-90E7-EA0AB0CD0886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4004A38A-01A6-41BE-84EB-1D7C7FAD0214",
              "versionEndIncluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "318D5F4B-48C5-4214-B60C-9A2EEEF44835",
              "versionEndIncluding": "2.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E684965-43F7-4A51-850F-4C88F42940E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "357B60EC-C5F1-4FA4-B4AF-F81298479D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "933562E3-B6D5-4250-A07B-AB8437ED4D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F23F68-6853-4862-99CB-4F214816358F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAFBF6B0-5E0A-4F62-82C7-D9861D0F5F31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "43282BF6-665C-4F77-8E95-487523863965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FFF490-8AA9-4296-99F0-DC57E5D4F56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC850AB-7728-4EE3-9EB5-E1E4D7338202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1CA212-4114-4D45-B746-9C2AAF60CFCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5085E31D-7472-408B-A85D-90337407A24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D57F024-3484-4EEA-8F9E-08A1AE5E3D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D82E91-181E-4E7D-943D-6FC74D40CEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21C496BC-404A-4C23-A0CB-DEE8BB8550A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8EF66E7-ECDA-40F9-9070-5857D2DEF818",
              "versionEndIncluding": "6.51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:4.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0790DFEB-3ADE-4057-BA9D-025BD5F5B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "433C05BD-1CAC-4F40-9F69-D0333C5F0E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6811B662-07E0-4B95-BFC6-C87C02110C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EAB3D2-79EE-43A3-8A08-3E8140C1B1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE15637B-FAE4-4FC7-8F45-B3B1554F8F3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B32C157-020F-400B-970C-B93CF573EB27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E1F0A2-8791-4627-8583-55B2A67D2F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3767CDDC-DF72-4AAE-B544-D2DFE02A199D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "640130AA-C905-4DD6-97BD-ABA90705F0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0B1FF0-80DC-433B-9298-346225060808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECA0396-CBCA-4D21-BD9A-EFCE24D616D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94533C3D-8767-44DB-ABF7-B991C3E47858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
    },
    {
      "lang": "es",
      "value": "En la biblioteca vmwarebase.dll, tal y como es usado en el servicio vmware-authd (tambi\u00e9n se conoce como vmware-authd.exe), en VMware Workstation versi\u00f3n  6.5.1 build 126130, versi\u00f3n 6.5.1 y anteriores; VMware Player versi\u00f3n  2.5.1 build 126130, versi\u00f3n 2.5.1 y anteriores; VMware ACE versi\u00f3n 2.5.1 y anteriores; VMware Server versiones 2.0.x anteriores a 2.0.1 build 156745; y VMware Fusion anterior a versi\u00f3n 2.0.2 build 147997, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de un comando largo (1) USUARIO o (2) PASS."
    }
  ],
  "id": "CVE-2009-0177",
  "lastModified": "2024-11-21T00:59:17.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-20T16:00:09.030",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/51180"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33372"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34601"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/34373"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021512"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0024"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0944"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/51180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/34373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7647"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-06-05 20:32
Modified
2024-11-21 00:38
Severity ?
Summary
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
cve@mitre.orghttp://secunia.com/advisories/30556Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201209-25.xml
cve@mitre.orghttp://securityreason.com/securityalert/3922
cve@mitre.orghttp://securitytracker.com/id?1020197
cve@mitre.orghttp://www.securityfocus.com/archive/1/493080/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/493148/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/493172/100/0/threaded
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2008-0009.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1744
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30556Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201209-25.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3922
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1020197
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/493080/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/493148/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/493172/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0009.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1744
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688
Impacted products
Vendor Product Version
vmware ace 1.0.0
vmware ace 1.0.1
vmware ace 1.0.2
vmware ace 1.0.3
vmware ace 1.0.4
vmware esx_server 2.5.5
vmware player 1.0.4
vmware server 1.0.3
vmware vmware_player 1.0.0
vmware vmware_player 1.0.1
vmware vmware_player 1.0.2
vmware vmware_player 1.0.3
vmware vmware_player 1.0.5
vmware vmware_server 1.0.0
vmware vmware_server 1.0.1
vmware vmware_server 1.0.2
vmware vmware_server 1.0.4
vmware vmware_workstation 5.5.0
vmware vmware_workstation 5.5.2
vmware vmware_workstation 5.5.5
vmware workstation 5.5.1
vmware workstation 5.5.3
vmware workstation 5.5.4
vmware esx 2.5.4
vmware esx 3.0.0
vmware esx 3.0.1
vmware esx 3.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "700C0BB4-2272-4405-9D9A-A636E3D22461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADCA876-2B69-4267-8467-E7E470428D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8DD6D27-1335-44EF-8B69-A9163A67BC2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9565E5-042E-4C62-A7C7-54808B15F0BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BA6DF4-4D53-482A-8820-B9B0E6EBD51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "974D84A6-F5AB-4F0A-B9B5-9095A0E4733C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3613B7-CA1B-4C9A-9076-A2894202DDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7ECF1C-285C-4AA3-8B66-28EDAB0763E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
    },
    {
      "lang": "es",
      "value": "HGFS.sys en el VMware Tools package en VMware Workstation 5.x anterior a 5.5.6 build 80404, VMware Player anterior a 1.0.6 build 80404, VMware ACE anterior a 1.0.5 build 79846, VMware Server anterior a 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2, no valida correctamente argumentos en el modo de usuario METHOD_NEITHER IOCTLs hacia  \\\\.\\hgfs, lo que permite al sistema operativo huesped, modificar ubicaciones de memoria de su elecci\u00f3n en el n\u00facleo de la memoria del sistema huesped y as\u00ed obtener privilegios."
    }
  ],
  "id": "CVE-2007-5671",
  "lastModified": "2024-11-21T00:38:25.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-05T20:32:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020197"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-10-13 01:17
Modified
2024-11-21 00:37
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
References
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
cve@mitre.orghttp://osvdb.org/43488
cve@mitre.orghttp://secunia.com/advisories/31707Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31708Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31709Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31710Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/3219
cve@mitre.orghttp://www.eleytt.com/advisories/eleytt_VMWARE1.pdf
cve@mitre.orghttp://www.securityfocus.com/archive/1/482021/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/495869/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26025
cve@mitre.orghttp://www.securitytracker.com/id?1020791
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2008-0014.html
cve@mitre.orghttp://www.vmware.com/support/ace/doc/releasenotes_ace.html
cve@mitre.orghttp://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
cve@mitre.orghttp://www.vmware.com/support/player/doc/releasenotes_player.html
cve@mitre.orghttp://www.vmware.com/support/player2/doc/releasenotes_player2.html
cve@mitre.orghttp://www.vmware.com/support/server/doc/releasenotes_server.html
cve@mitre.orghttp://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
cve@mitre.orghttp://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2466Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/43488
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31707Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31708Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31709Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31710Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3219
af854a3a-2127-422b-91ae-364da2661108http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/482021/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/495869/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26025
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020791
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0014.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/ace/doc/releasenotes_ace.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/player/doc/releasenotes_player.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/player2/doc/releasenotes_player2.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/server/doc/releasenotes_server.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2466Vendor Advisory
Impacted products
Vendor Product Version
vmware ace 1.0
vmware ace 1.0.1
vmware ace 1.0.2
vmware ace 1.0.3
vmware ace 1.0.4
vmware ace 1.0.5
vmware ace 1.0.6
vmware ace 1.0.7
vmware ace 2.0
vmware ace 2.0.1
vmware ace 2.0.2
vmware ace 2.0.3
vmware ace 2.0.4
vmware ace 2.0.5
vmware vmware_player 1.0.0
vmware vmware_player 1.0.1
vmware vmware_player 1.0.2
vmware vmware_player 1.0.3
vmware vmware_player 1.0.4
vmware vmware_player 1.0.5
vmware vmware_player 1.0.6
vmware vmware_player 1.0.7
vmware vmware_player 1.0.8
vmware vmware_player 2.0
vmware vmware_player 2.0.1
vmware vmware_player 2.0.2
vmware vmware_player 2.0.3
vmware vmware_player 2.0.4
vmware vmware_player 2.0.5
vmware vmware_server *
vmware vmware_server 1.0
vmware vmware_server 1.0.1
vmware vmware_server 1.0.2
vmware vmware_server 1.0.3
vmware vmware_server 1.0.4
vmware vmware_server 1.0.5
vmware vmware_server 1.0.6
vmware vmware_workstation 5.5.0
vmware vmware_workstation 5.5.1
vmware vmware_workstation 5.5.2
vmware vmware_workstation 5.5.3
vmware vmware_workstation 5.5.4
vmware vmware_workstation 5.5.5
vmware vmware_workstation 5.5.6
vmware vmware_workstation 5.5.7
vmware vmware_workstation 5.5.8
vmware vmware_workstation 6.0
vmware vmware_workstation 6.0.1
vmware vmware_workstation 6.0.2
vmware vmware_workstation 6.0.3
vmware vmware_workstation 6.0.4
vmware vmware_workstation 6.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC82A8C-E561-4E35-A84D-66A4D6C90264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C6150A-2DF3-4F7B-B024-0F3DBB686124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40192EE1-A300-42C3-BC98-286C9E5A281E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "87291B27-442C-4CAB-94A1-67FC766486EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B04862-4377-422E-931A-B17FE1CA1884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35B6730-F05B-4B62-B4DE-07C61A4924F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78957047-FB9F-4D1D-B3D9-91257A6B4D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A04DB52-C66C-4AA9-9D6F-9D2DC202C5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "280033C5-90EF-4825-A87D-B23650D8C71A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E684965-43F7-4A51-850F-4C88F42940E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9565E5-042E-4C62-A7C7-54808B15F0BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "357B60EC-C5F1-4FA4-B4AF-F81298479D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "933562E3-B6D5-4250-A07B-AB8437ED4D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F23F68-6853-4862-99CB-4F214816358F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FFF490-8AA9-4296-99F0-DC57E5D4F56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC850AB-7728-4EE3-9EB5-E1E4D7338202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1CA212-4114-4D45-B746-9C2AAF60CFCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5085E31D-7472-408B-A85D-90337407A24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D57F024-3484-4EEA-8F9E-08A1AE5E3D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D82E91-181E-4E7D-943D-6FC74D40CEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468BCB8E-139E-4340-B671-7DB979499D14",
              "versionEndIncluding": "1.0.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "025EC5A6-E4DF-421F-911B-BD15FBF2A3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CA04700-CF35-43CA-AD4E-BB93E206FDD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E6F9A4A-41B0-48D9-B60C-EBF4EF899953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AEF399-7640-45CB-9393-11F06D0E13C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6811B662-07E0-4B95-BFC6-C87C02110C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EAB3D2-79EE-43A3-8A08-3E8140C1B1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE15637B-FAE4-4FC7-8F45-B3B1554F8F3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B32C157-020F-400B-970C-B93CF573EB27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E1F0A2-8791-4627-8583-55B2A67D2F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3767CDDC-DF72-4AAE-B544-D2DFE02A199D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "640130AA-C905-4DD6-97BD-ABA90705F0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0B1FF0-80DC-433B-9298-346225060808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECA0396-CBCA-4D21-BD9A-EFCE24D616D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en un cierto control ActiveX en Reconfig.DLL en VMware Workstation 5.5.x anteriores al 5.5.8 build 108000, VMware Workstation versiones 6.0.x anteriores a 6.0.5 build 109488, VMware Player versiones 1.x anteriores a 1.0.8 build 108000, VMware Player versiones 2.x anteriores a 2.0.5 build 109488, VMware ACE versiones 1.x anteriores a 1.0.7 build 108880, VMware ACE versiones 2.x anteriores a 2.0.5 build 109488 y VMware Server versiones anteriores a 1.0.7 build 108231, podr\u00eda permitir a usuarios locales una denegaci\u00f3n de servicio al Virtual Disk Mount Service (vmount2.exe), relacionado con la funci\u00f3n ConnectPopulatedDiskEx."
    }
  ],
  "id": "CVE-2007-5438",
  "lastModified": "2024-11-21T00:37:53.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-10-13T01:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/43488"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31707"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31708"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31709"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31710"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3219"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26025"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020791"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/43488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2466"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-02-26 00:44
Modified
2024-11-21 00:43
Severity ?
Summary
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
References
cve@mitre.orghttp://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html
cve@mitre.orghttp://lists.vmware.com/pipermail/security-announce/2008/000008.html
cve@mitre.orghttp://secunia.com/advisories/29117
cve@mitre.orghttp://securityreason.com/securityalert/3700
cve@mitre.orghttp://www.coresecurity.com/?action=item&id=2129
cve@mitre.orghttp://www.securityfocus.com/archive/1/488725/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/489739/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/27944
cve@mitre.orghttp://www.securityfocus.com/bid/28276
cve@mitre.orghttp://www.securitytracker.com/id?1019493
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2008-0005.html
cve@mitre.orghttp://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
cve@mitre.orghttp://www.vmware.com/support/player/doc/releasenotes_player.html
cve@mitre.orghttp://www.vmware.com/support/player2/doc/releasenotes_player2.html
cve@mitre.orghttp://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
cve@mitre.orghttp://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0679
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0905/references
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/40837
af854a3a-2127-422b-91ae-364da2661108http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2008/000008.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29117
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3700
af854a3a-2127-422b-91ae-364da2661108http://www.coresecurity.com/?action=item&id=2129
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/488725/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/489739/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27944
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28276
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019493
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0005.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/player/doc/releasenotes_player.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/player2/doc/releasenotes_player2.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0679
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0905/references
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/40837
Impacted products
Vendor Product Version
vmware ace 1.0
vmware ace 1.0.2
vmware ace 2.0
vmware ace 2.0.1
vmware ace 2.0.2
vmware player 1.0.4
vmware vmware_player 1.0.1_build_19317
vmware vmware_player 1.0.2
vmware vmware_player 1.0.3
vmware vmware_workstation 6.0.1
vmware vmware_workstation 6.0.2
vmware workstation 4.5.2
vmware workstation 5.5.3_build_34685
vmware workstation 5.5.4
vmware workstation 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1_build_19317:*:*:*:*:*:*:*",
              "matchCriteriaId": "7764D48A-2D43-413F-9214-AE754DDCF68F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en la caracter\u00edstica de Archivos Compartidos de VMWare ACE 1.0.2 y 2.0.2, Player 1.0.4 y 2.0.2, y Workstation 5.5.4 y 6.0.2 permite a usuarios de SO invitados leer y escribir archivos de su elecci\u00f3n en el SO anfitri\u00f3n a trav\u00e9s de una cadena multibyte que produce una cadena de caracteres ancha que contiene secuencias de .. (punto punto), lo que evita el mecanismo de protecci\u00f3n, como se demostr\u00f3 usando una cadena \"%c0%2e%c0%2e\"."
    }
  ],
  "id": "CVE-2008-0923",
  "lastModified": "2024-11-21T00:43:14.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-26T00:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3700"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.coresecurity.com/?action=item\u0026id=2129"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27944"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28276"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019493"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0679"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0905/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.coresecurity.com/?action=item\u0026id=2129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0905/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-04-06 15:30
Modified
2024-11-21 00:52
Severity ?
Summary
Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.
References
cve@mitre.orghttp://lists.vmware.com/pipermail/security-announce/2009/000054.html
cve@mitre.orghttp://seclists.org/fulldisclosure/2009/Apr/0036.html
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-201209-25.xml
cve@mitre.orghttp://www.securityfocus.com/bid/34373
cve@mitre.orghttp://www.securitytracker.com/id?1021973
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2009-0005.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0944
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2009/000054.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2009/Apr/0036.html
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201209-25.xml
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34373
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021973
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2009-0005.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0944
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439
Impacted products
Vendor Product Version
emc vmware_player *
vmware vmware_ace 1.0
vmware vmware_ace 1.0.2
vmware vmware_ace 1.0.3
vmware vmware_ace 1.0.4
vmware vmware_ace 1.0.5
vmware vmware_ace 1.0.7
vmware vmware_ace 1.0.8
vmware vmware_ace 2.0.1
vmware vmware_ace 2.0.2
vmware vmware_ace 2.0.3
vmware vmware_ace 2.0.5
vmware vmware_ace 2.5
vmware vmware_ace 2.5.1
vmware vmware_esx 3.0.2
vmware vmware_esx 3.0.3
vmware vmware_esx 3.5
vmware vmware_esxi 3.5
vmware vmware_player 1.0.0
vmware vmware_player 1.0.1
vmware vmware_player 1.0.2
vmware vmware_player 1.0.3
vmware vmware_player 1.0.4
vmware vmware_player 1.0.5
vmware vmware_player 1.0.6
vmware vmware_player 1.0.7
vmware vmware_player 1.0.8
vmware vmware_player 1.0.9
vmware vmware_player 1.01
vmware vmware_player 1.05
vmware vmware_player 2.0
vmware vmware_player 2.0.1
vmware vmware_player 2.0.2
vmware vmware_player 2.0.3
vmware vmware_player 2.0.4
vmware vmware_player 2.0.5
vmware vmware_player 2.5
vmware vmware_player 2.5.1
vmware vmware_server 1.0
vmware vmware_server 1.0.0
vmware vmware_server 1.0.1
vmware vmware_server 1.0.2
vmware vmware_server 1.0.3
vmware vmware_server 1.0.4
vmware vmware_server 1.0.5
vmware vmware_server 1.0.6
vmware vmware_server 1.0.7
vmware vmware_server 1.05
vmware vmware_server 2.0
vmware vmware_workstation 4.5.3
vmware vmware_workstation 5.0
vmware vmware_workstation 5.5.0
vmware vmware_workstation 5.5.1
vmware vmware_workstation 5.5.2
vmware vmware_workstation 5.5.3
vmware vmware_workstation 5.5.4
vmware vmware_workstation 5.5.5
vmware vmware_workstation 5.5.6
vmware vmware_workstation 5.5.7
vmware vmware_workstation 5.5.8
vmware vmware_workstation 6.0
vmware vmware_workstation 6.0.0.45731
vmware vmware_workstation 6.0.1
vmware vmware_workstation 6.0.2
vmware vmware_workstation 6.0.3
vmware vmware_workstation 6.0.4
vmware vmware_workstation 6.0.4
vmware vmware_workstation 6.0.5
vmware vmware_workstation 6.03
vmware vmware_workstation 6.5
vmware vmware_workstation 6.5.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:vmware_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A58FD7E-C4FB-4326-B402-F997B853ABEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65133BF3-A7CC-4D9E-BBB4-F1984386F73E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CEAD2D-6722-44AF-B92E-3306DF5468A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "54494FC2-5513-48FE-AE9C-B08AEB6DDE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB43AB45-95B2-4230-8010-F0F387ACDD9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4EA026A-6FD5-48D7-BC2F-B1004B6E0A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8C6CFB-7195-46B9-B4E6-1A0FC2A566E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8388715-45C8-442D-96EB-2DB6898E5D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C16C7643-5C41-4829-AFB2-32AF62088FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E626EC-D398-4A76-A8E4-DB456460BA24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1954B8A5-48EB-4D0C-A4D7-0F57FA4D7001",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B23960F-EDD5-4705-8F1A-CE59DD90631B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DDC66A2-8CB9-4C16-978A-B275C037E223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_ace:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2B5092-3047-48FD-90CB-080388B7E659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_esx:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE233FBC-F389-49CA-99D9-CDE26154BE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_esx:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "564269E8-9536-4E69-9760-C819F04D32AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_esx:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "93F8BE4D-EF33-4CC8-B66B-16ADE1CCBB63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_esxi:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C25C336B-B4BC-4FDF-8FD2-F90783841EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3771AFCF-E247-427A-8076-9E36EA457658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C124AC-C421-459E-8251-E7B3BD33874B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E684965-43F7-4A51-850F-4C88F42940E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9565E5-042E-4C62-A7C7-54808B15F0BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "357B60EC-C5F1-4FA4-B4AF-F81298479D39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "933562E3-B6D5-4250-A07B-AB8437ED4D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F23F68-6853-4862-99CB-4F214816358F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAFBF6B0-5E0A-4F62-82C7-D9861D0F5F31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6706C47-91C1-4902-96FC-0431B01D508C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "43282BF6-665C-4F77-8E95-487523863965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FFF490-8AA9-4296-99F0-DC57E5D4F56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC850AB-7728-4EE3-9EB5-E1E4D7338202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1CA212-4114-4D45-B746-9C2AAF60CFCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5085E31D-7472-408B-A85D-90337407A24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D57F024-3484-4EEA-8F9E-08A1AE5E3D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D82E91-181E-4E7D-943D-6FC74D40CEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21C496BC-404A-4C23-A0CB-DEE8BB8550A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_player:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC8AA52-F2A6-4FB1-85D8-EDD136031DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "025EC5A6-E4DF-421F-911B-BD15FBF2A3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8230EFE6-8AB6-41DF-9A46-CAE4E5BB7F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2C792F-48DA-46B5-B42E-9A045B393531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6968BBA4-3A55-4495-ACB2-6F7535EBEAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CA04700-CF35-43CA-AD4E-BB93E206FDD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FFF35E-DCFC-4C13-8C5A-7CE80A161370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E6F9A4A-41B0-48D9-B60C-EBF4EF899953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AEF399-7640-45CB-9393-11F06D0E13C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A84D8B-318B-4FEB-B1BD-A1515CA48506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "81AC6F29-6B96-4BF5-9E89-6AF58F5A483D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_server:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D562CD32-FECB-431C-AD26-01F2E38F94A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:4.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0790DFEB-3ADE-4057-BA9D-025BD5F5B477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "433C05BD-1CAC-4F40-9F69-D0333C5F0E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "270D5FAD-A226-4F6F-BF0B-2C6D91C525D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6811B662-07E0-4B95-BFC6-C87C02110C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504CD24F-2EC6-45C0-8E46-69BAE8483521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EAB3D2-79EE-43A3-8A08-3E8140C1B1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE15637B-FAE4-4FC7-8F45-B3B1554F8F3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBD26B9-60A6-4D6B-B031-0DA8A9F3323F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B32C157-020F-400B-970C-B93CF573EB27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E1F0A2-8791-4627-8583-55B2A67D2F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3767CDDC-DF72-4AAE-B544-D2DFE02A199D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "640130AA-C905-4DD6-97BD-ABA90705F0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.0.45731:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F01ABD8-5C77-422E-849C-E7460072DB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0B1FF0-80DC-433B-9298-346225060808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.4:build_93057:*:*:*:*:*:*",
              "matchCriteriaId": "5C2F6830-0BEA-4B83-A90A-65DA9434553A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECA0396-CBCA-4D21-BD9A-EFCE24D616D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "652DCCCA-2C0F-482F-AD1C-F3913BD3430D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94533C3D-8767-44DB-ABF7-B991C3E47858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:vmware_workstation:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD775800-CA7B-4433-A921-4F84C57F45EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en un controlado de dispositivo virtual invitado en VMware Workstation versiones anteriores a v5.5.9 build 126128, y v6.5.1 y versiones anteriores 6.x ; VMware Player versiones anteriores a v1.0.9 build 126128, y v2.5.1 y versiones anteriores 2.x; VMware ACE versiones anteriores a v1.0.8 build 125922, y v2.5.1 y versiones anteriores 2.x; VMware Server 1.x versiones anteriores a v1.0.8 build 126538 y 2.0.x versiones anteriores a v2.0.1 build 156745; VMware Fusion versiones anteriore a v2.0.1; VMware ESXi v3.5; y VMware ESX 3.0.2, v3.0.3, y v3.5 permite a usuarios del sistema operativo visitantes provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema operativo host) a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2008-4916",
  "lastModified": "2024-11-21T00:52:50.127",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-06T15:30:01.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34373"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021973"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0944"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2009-0177
Vulnerability from cvelistv5
Published
2009-01-20 15:26
Modified
2024-08-07 04:24
Severity ?
Summary
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433vdb-entry, signature, x_refsource_OVAL
http://seclists.org/fulldisclosure/2009/Apr/0036.htmlmailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/33372third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/34373vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2009/0024vdb-entry, x_refsource_VUPEN
http://osvdb.org/51180vdb-entry, x_refsource_OSVDB
https://www.exploit-db.com/exploits/7647exploit, x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id?1021512vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2009/0944vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/34601third-party-advisory, x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2009/000054.htmlmailing-list, x_refsource_MLIST
http://www.vmware.com/security/advisories/VMSA-2009-0005.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6433",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
          },
          {
            "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
          },
          {
            "name": "33372",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33372"
          },
          {
            "name": "34373",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34373"
          },
          {
            "name": "ADV-2009-0024",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0024"
          },
          {
            "name": "51180",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/51180"
          },
          {
            "name": "7647",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7647"
          },
          {
            "name": "1021512",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021512"
          },
          {
            "name": "ADV-2009-0944",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0944"
          },
          {
            "name": "34601",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34601"
          },
          {
            "name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6433",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
        },
        {
          "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
        },
        {
          "name": "33372",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33372"
        },
        {
          "name": "34373",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34373"
        },
        {
          "name": "ADV-2009-0024",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0024"
        },
        {
          "name": "51180",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/51180"
        },
        {
          "name": "7647",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7647"
        },
        {
          "name": "1021512",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021512"
        },
        {
          "name": "ADV-2009-0944",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0944"
        },
        {
          "name": "34601",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34601"
        },
        {
          "name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6433",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6433"
            },
            {
              "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
            },
            {
              "name": "33372",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33372"
            },
            {
              "name": "34373",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34373"
            },
            {
              "name": "ADV-2009-0024",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0024"
            },
            {
              "name": "51180",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/51180"
            },
            {
              "name": "7647",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7647"
            },
            {
              "name": "1021512",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021512"
            },
            {
              "name": "ADV-2009-0944",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0944"
            },
            {
              "name": "34601",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34601"
            },
            {
              "name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0177",
    "datePublished": "2009-01-20T15:26:00",
    "dateReserved": "2009-01-20T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-4916
Vulnerability from cvelistv5
Published
2009-04-06 15:00
Modified
2024-08-07 10:31
Severity ?
Summary
Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors.
References
http://security.gentoo.org/glsa/glsa-201209-25.xmlvendor-advisory, x_refsource_GENTOO
http://seclists.org/fulldisclosure/2009/Apr/0036.htmlmailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/bid/34373vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2009/0944vdb-entry, x_refsource_VUPEN
http://lists.vmware.com/pipermail/security-announce/2009/000054.htmlmailing-list, x_refsource_MLIST
http://www.securitytracker.com/id?1021973vdb-entry, x_refsource_SECTRACK
http://www.vmware.com/security/advisories/VMSA-2009-0005.htmlx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:31:28.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201209-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
          },
          {
            "name": "34373",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34373"
          },
          {
            "name": "ADV-2009-0944",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0944"
          },
          {
            "name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
          },
          {
            "name": "1021973",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021973"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6439",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201209-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
        },
        {
          "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
        },
        {
          "name": "34373",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34373"
        },
        {
          "name": "ADV-2009-0944",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0944"
        },
        {
          "name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
        },
        {
          "name": "1021973",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021973"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6439",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4916",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2009/Apr/0036.html"
            },
            {
              "name": "34373",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34373"
            },
            {
              "name": "ADV-2009-0944",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0944"
            },
            {
              "name": "[security-announce] 20090403 VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2009/000054.html"
            },
            {
              "name": "1021973",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021973"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0005.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6439",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6439"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4916",
    "datePublished": "2009-04-06T15:00:00",
    "dateReserved": "2008-11-03T00:00:00",
    "dateUpdated": "2024-08-07T10:31:28.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5671
Vulnerability from cvelistv5
Published
2008-06-05 20:21
Modified
2024-08-07 15:39
Severity ?
Summary
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\.\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges.
References
http://security.gentoo.org/glsa/glsa-201209-25.xmlvendor-advisory, x_refsource_GENTOO
http://www.vupen.com/english/advisories/2008/1744vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688vdb-entry, signature, x_refsource_OVAL
http://www.vmware.com/security/advisories/VMSA-2008-0009.htmlx_refsource_CONFIRM
http://secunia.com/advisories/30556third-party-advisory, x_refsource_SECUNIA
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712third-party-advisory, x_refsource_IDEFENSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/archive/1/493172/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/493080/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securitytracker.com/id?1020197vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/493148/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/3922third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201209-25",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
          },
          {
            "name": "ADV-2008-1744",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1744"
          },
          {
            "name": "oval:org.mitre.oval:def:5688",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
          },
          {
            "name": "30556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30556"
          },
          {
            "name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
          },
          {
            "name": "oval:org.mitre.oval:def:5358",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
          },
          {
            "name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
          },
          {
            "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
          },
          {
            "name": "1020197",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020197"
          },
          {
            "name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
          },
          {
            "name": "3922",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3922"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201209-25",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
        },
        {
          "name": "ADV-2008-1744",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1744"
        },
        {
          "name": "oval:org.mitre.oval:def:5688",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
        },
        {
          "name": "30556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30556"
        },
        {
          "name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
        },
        {
          "name": "oval:org.mitre.oval:def:5358",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
        },
        {
          "name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
        },
        {
          "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
        },
        {
          "name": "1020197",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020197"
        },
        {
          "name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
        },
        {
          "name": "3922",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3922"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not properly validate arguments in user-mode METHOD_NEITHER IOCTLs to the \\\\.\\hgfs device, which allows guest OS users to modify arbitrary memory locations in guest kernel memory and gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201209-25",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
            },
            {
              "name": "ADV-2008-1744",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1744"
            },
            {
              "name": "oval:org.mitre.oval:def:5688",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5688"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html"
            },
            {
              "name": "30556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30556"
            },
            {
              "name": "20080604 VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=712"
            },
            {
              "name": "oval:org.mitre.oval:def:5358",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5358"
            },
            {
              "name": "20080606 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493172/100/0/threaded"
            },
            {
              "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded"
            },
            {
              "name": "1020197",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020197"
            },
            {
              "name": "20080605 Re: iDefense Security Advisory 06.04.08: VMware Tools HGFS Local Privilege Escalation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493148/100/0/threaded"
            },
            {
              "name": "3922",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3922"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5671",
    "datePublished": "2008-06-05T20:21:00",
    "dateReserved": "2007-10-23T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5438
Vulnerability from cvelistv5
Published
2007-10-13 01:00
Modified
2024-08-07 15:31
Severity ?
Summary
Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
References
http://osvdb.org/43488vdb-entry, x_refsource_OSVDB
http://securityreason.com/securityalert/3219third-party-advisory, x_refsource_SREASON
http://www.vmware.com/security/advisories/VMSA-2008-0014.htmlx_refsource_CONFIRM
http://secunia.com/advisories/31709third-party-advisory, x_refsource_SECUNIA
http://www.eleytt.com/advisories/eleytt_VMWARE1.pdfx_refsource_MISC
http://www.vmware.com/support/server/doc/releasenotes_server.htmlx_refsource_CONFIRM
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlx_refsource_CONFIRM
http://www.securitytracker.com/id?1020791vdb-entry, x_refsource_SECTRACK
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlx_refsource_CONFIRM
http://secunia.com/advisories/31710third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/482021/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlx_refsource_CONFIRM
http://www.vmware.com/support/player/doc/releasenotes_player.htmlx_refsource_CONFIRM
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/26025vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/495869/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.htmlmailing-list, x_refsource_FULLDISC
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlx_refsource_CONFIRM
http://secunia.com/advisories/31707third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31708third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2466vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:58.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43488",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/43488"
          },
          {
            "name": "3219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
          },
          {
            "name": "31709",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31709"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "name": "1020791",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020791"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "name": "31710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31710"
          },
          {
            "name": "20071010 [ELEYTT] 10PAZDZIERNIK2007",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "name": "26025",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26025"
          },
          {
            "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
          },
          {
            "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "name": "31707",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31707"
          },
          {
            "name": "31708",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31708"
          },
          {
            "name": "ADV-2008-2466",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2466"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43488",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/43488"
        },
        {
          "name": "3219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
        },
        {
          "name": "31709",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31709"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
        },
        {
          "name": "1020791",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020791"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
        },
        {
          "name": "31710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31710"
        },
        {
          "name": "20071010 [ELEYTT] 10PAZDZIERNIK2007",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
        },
        {
          "name": "26025",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26025"
        },
        {
          "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
        },
        {
          "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
        },
        {
          "name": "31707",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31707"
        },
        {
          "name": "31708",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31708"
        },
        {
          "name": "ADV-2008-2466",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2466"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5438",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43488",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/43488"
            },
            {
              "name": "3219",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3219"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
            },
            {
              "name": "31709",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31709"
            },
            {
              "name": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf",
              "refsource": "MISC",
              "url": "http://www.eleytt.com/advisories/eleytt_VMWARE1.pdf"
            },
            {
              "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
            },
            {
              "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
            },
            {
              "name": "1020791",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020791"
            },
            {
              "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
            },
            {
              "name": "31710",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31710"
            },
            {
              "name": "20071010 [ELEYTT] 10PAZDZIERNIK2007",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/482021/100/0/threaded"
            },
            {
              "name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
            },
            {
              "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
            },
            {
              "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
            },
            {
              "name": "26025",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26025"
            },
            {
              "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
            },
            {
              "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
            },
            {
              "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
            },
            {
              "name": "31707",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31707"
            },
            {
              "name": "31708",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31708"
            },
            {
              "name": "ADV-2008-2466",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2466"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5438",
    "datePublished": "2007-10-13T01:00:00",
    "dateReserved": "2007-10-12T00:00:00",
    "dateUpdated": "2024-08-07T15:31:58.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0923
Vulnerability from cvelistv5
Published
2008-02-26 00:00
Modified
2024-08-07 08:01
Severity ?
Summary
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
References
http://www.securityfocus.com/bid/27944vdb-entry, x_refsource_BID
http://secunia.com/advisories/29117third-party-advisory, x_refsource_SECUNIA
http://www.coresecurity.com/?action=item&id=2129x_refsource_MISC
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlx_refsource_CONFIRM
http://www.securityfocus.com/archive/1/488725/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlx_refsource_CONFIRM
http://www.vmware.com/support/player/doc/releasenotes_player.htmlx_refsource_CONFIRM
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlx_refsource_CONFIRM
http://www.securitytracker.com/id?1019493vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/489739/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034x_refsource_CONFIRM
http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlmailing-list, x_refsource_MLIST
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlx_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/0905/referencesvdb-entry, x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2008-0005.htmlx_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/40837vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2008/0679vdb-entry, x_refsource_VUPEN
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.htmlmailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/bid/28276vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/3700third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:01:40.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27944",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27944"
          },
          {
            "name": "29117",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29117"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/?action=item\u0026id=2129"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "name": "1019493",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019493"
          },
          {
            "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
          },
          {
            "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "name": "ADV-2008-0905",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
          },
          {
            "name": "vmware-sharedfolders-directory-traversal(40837)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
          },
          {
            "name": "ADV-2008-0679",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0679"
          },
          {
            "name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
          },
          {
            "name": "28276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "name": "3700",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3700"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27944",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27944"
        },
        {
          "name": "29117",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29117"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/?action=item\u0026id=2129"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
        },
        {
          "name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
        },
        {
          "name": "1019493",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019493"
        },
        {
          "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
        },
        {
          "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
        },
        {
          "name": "ADV-2008-0905",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0905/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
        },
        {
          "name": "vmware-sharedfolders-directory-traversal(40837)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
        },
        {
          "name": "ADV-2008-0679",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0679"
        },
        {
          "name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
        },
        {
          "name": "28276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28276"
        },
        {
          "name": "3700",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3700"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0923",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27944",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27944"
            },
            {
              "name": "29117",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29117"
            },
            {
              "name": "http://www.coresecurity.com/?action=item\u0026id=2129",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/?action=item\u0026id=2129"
            },
            {
              "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
            },
            {
              "name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
            },
            {
              "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
            },
            {
              "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
            },
            {
              "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
            },
            {
              "name": "1019493",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019493"
            },
            {
              "name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
            },
            {
              "name": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034",
              "refsource": "CONFIRM",
              "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
            },
            {
              "name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
            },
            {
              "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
            },
            {
              "name": "ADV-2008-0905",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0905/references"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
            },
            {
              "name": "vmware-sharedfolders-directory-traversal(40837)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
            },
            {
              "name": "ADV-2008-0679",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0679"
            },
            {
              "name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
            },
            {
              "name": "28276",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28276"
            },
            {
              "name": "3700",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3700"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0923",
    "datePublished": "2008-02-26T00:00:00",
    "dateReserved": "2008-02-25T00:00:00",
    "dateUpdated": "2024-08-07T08:01:40.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}