All the vulnerabilites related to vmware - vmware_player_2
cve-2008-2098
Vulnerability from cvelistv5
Published
2008-06-02 14:00
Modified
2024-08-07 08:49
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-201209-25.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.vmware.com/security/advisories/VMSA-2008-0008.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42753 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1020148 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/492831/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2008/1707/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30476 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"name": "vmware-hgfs-bo(42753)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"
},
{
"name": "1020148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020148"
},
{
"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"name": "ADV-2008-1707",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1707/references"
},
{
"name": "30476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201209-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"name": "vmware-hgfs-bo(42753)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"
},
{
"name": "1020148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020148"
},
{
"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"name": "ADV-2008-1707",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1707/references"
},
{
"name": "30476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"name": "vmware-hgfs-bo(42753)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"
},
{
"name": "1020148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020148"
},
{
"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"name": "ADV-2008-1707",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1707/references"
},
{
"name": "30476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2098",
"datePublished": "2008-06-02T14:00:00",
"dateReserved": "2008-05-07T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2099
Vulnerability from cvelistv5
Published
2008-06-02 14:00
Modified
2024-08-07 08:49
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2008-0008.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42757 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2008/1707 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/29443 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/492831/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1020149 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/30476 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:57.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"name": "vmware-vmci-code-execution(42757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42757"
},
{
"name": "ADV-2008-1707",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1707"
},
{
"name": "29443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29443"
},
{
"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"name": "1020149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020149"
},
{
"name": "30476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"name": "vmware-vmci-code-execution(42757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42757"
},
{
"name": "ADV-2008-1707",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1707"
},
{
"name": "29443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29443"
},
{
"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"name": "1020149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020149"
},
{
"name": "30476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"name": "vmware-vmci-code-execution(42757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42757"
},
{
"name": "ADV-2008-1707",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1707"
},
{
"name": "29443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29443"
},
{
"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"name": "1020149",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020149"
},
{
"name": "30476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2099",
"datePublished": "2008-06-02T14:00:00",
"dateReserved": "2008-05-07T00:00:00",
"dateUpdated": "2024-08-07T08:49:57.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-06-02 21:30
Modified
2024-11-21 00:46
Severity ?
Summary
Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows | * | |
| vmware | ace_2 | 2.0 | |
| vmware | ace_2 | 2.0.1 | |
| vmware | vmware_player_2 | 2.0 | |
| vmware | vmware_player_2 | 2.0.1 | |
| vmware | vmware_player_2 | 2.0.2 | |
| vmware | vmware_player_2 | 2.0.3 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | vmware_workstation | 6.0.3 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace_2:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8476A347-FBF2-4235-8483-7365BAF700A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace_2:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7994893-F7CA-489F-9EC8-0FC4151C0499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDF5387-1F1B-42AF-B33D-E4392D61D89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0FF78F-4952-4061-9BF8-E365D1267E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "552F3E26-7689-4365-8BA8-3BEC755303F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DEBC79-6ECB-40E1-8B92-4376E65DA050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02EBBFDD-AC46-481A-8DA7-64619B447637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en VMCI en VMware Workstation versiones 6 anteriores a 6.0.4 build 93057, VMware Player versiones 2 anteriores a 2.0.4 build 93057 y VMware ACE versiones 2 anteriores a 2.0.2 build 93057 en Windows, permite a los usuarios del SO invitado ejecutar c\u00f3digo arbitrario en el SO host por medio de vectores no especificados"
}
],
"id": "CVE-2008-2099",
"lastModified": "2024-11-21T00:46:05.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-02T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30476"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29443"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020149"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1707"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42757"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-02 21:30
Modified
2024-11-21 00:46
Severity ?
Summary
Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | ace_2 | 2.0 | |
| vmware | ace_2 | 2.01 | |
| vmware | fusion | 1.1 | |
| vmware | fusion | 1.1.1 | |
| vmware | vmware_player_2 | 2.0 | |
| vmware | vmware_player_2 | 2.01 | |
| vmware | vmware_player_2 | 2.02 | |
| vmware | vmware_player_2 | 2.03 | |
| vmware | vmware_workstation | 6.0.1 | |
| vmware | vmware_workstation | 6.0.2 | |
| vmware | vmware_workstation | 6.03 | |
| vmware | workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:ace_2:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8476A347-FBF2-4235-8483-7365BAF700A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:ace_2:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AD3DFD-6211-438F-9483-E82B346DBA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDF5387-1F1B-42AF-B33D-E4392D61D89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7B9138-51C8-433D-80B5-70FBB09732DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF74F13-1247-4D40-816A-FF5B2E00FAF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6F83E6-1325-4B96-B253-7B031B5BA563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "652DCCCA-2C0F-482F-AD1C-F3913BD3430D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el VMware Host Guest File System (HGFS) en VMware Workstation versiones 6 anteriores a 6.0.4 build 93057, VMware Player versiones 2 anteriores a 2.0.4 build 93057, VMware ACE versiones 2 anteriores a 2.0.2 build 93057 y VMware Fusion versiones anteriores a 1.1.2 build 87978, cuando el uso compartido de carpetas es utilizado, permite a los usuarios del SO invitado ejecutar c\u00f3digo arbitrario sobre el SO host por medio de vectores no especificados."
}
],
"id": "CVE-2008-2098",
"lastModified": "2024-11-21T00:46:05.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-06-02T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30476"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020148"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1707/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/1707/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}