cve-2008-0923
Vulnerability from cvelistv5
Published
2008-02-26 00:00
Modified
2024-08-07 08:01
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27944",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27944"
},
{
"name": "29117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29117"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019493",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019493"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "vmware-sharedfolders-directory-traversal(40837)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
},
{
"name": "ADV-2008-0679",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0679"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "3700",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27944",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27944"
},
{
"name": "29117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29117"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=2129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019493",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019493"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "vmware-sharedfolders-directory-traversal(40837)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
},
{
"name": "ADV-2008-0679",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0679"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
},
{
"name": "28276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "3700",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27944"
},
{
"name": "29117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29117"
},
{
"name": "http://www.coresecurity.com/?action=item\u0026id=2129",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item\u0026id=2129"
},
{
"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"
},
{
"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
},
{
"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
},
{
"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
},
{
"name": "1019493",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019493"
},
{
"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
},
{
"name": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034",
"refsource": "CONFIRM",
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034"
},
{
"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
},
{
"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
},
{
"name": "ADV-2008-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0905/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"
},
{
"name": "vmware-sharedfolders-directory-traversal(40837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"
},
{
"name": "ADV-2008-0679",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0679"
},
{
"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware\u0027s shared folders implementation",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"
},
{
"name": "28276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28276"
},
{
"name": "3700",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0923",
"datePublished": "2008-02-26T00:00:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D346E48-887C-4D02-BFD3-D323B7F3871C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8E1A5AA-BD9F-4263-B7C6-E744323C4D74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D22E40D-C362-49FD-924C-262A64555934\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A48CEB4-5864-4A0F-B14C-CFE4699C3311\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_player:1.0.1_build_19317:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7764D48A-2D43-413F-9214-AE754DDCF68F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65DD6966-72EA-4C4D-BC90-B0D534834BA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBFC9B7A-8A40-467B-9102-EE5259EC4D14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B7632A4-D120-434D-B35A-303640DB37AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DFFE01E-BD0A-432E-B47C-D68DAADDD075\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD0FE7C5-2C46-4B59-9242-A03B986C07DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51C6D608-64DE-4CC4-9869-3342E8FD707F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16A1141D-9718-4A22-8FF2-AEAD28E07291\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89329F80-7134-4AB2-BDA3-E1B887F633B0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \\\"%c0%2e%c0%2e\\\" string.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en la caracter\\u00edstica de Archivos Compartidos de VMWare ACE 1.0.2 y 2.0.2, Player 1.0.4 y 2.0.2, y Workstation 5.5.4 y 6.0.2 permite a usuarios de SO invitados leer y escribir archivos de su elecci\\u00f3n en el SO anfitri\\u00f3n a trav\\u00e9s de una cadena multibyte que produce una cadena de caracteres ancha que contiene secuencias de .. (punto punto), lo que evita el mecanismo de protecci\\u00f3n, como se demostr\\u00f3 usando una cadena \\\"%c0%2e%c0%2e\\\".\"}]",
"id": "CVE-2008-0923",
"lastModified": "2024-11-21T00:43:14.113",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2008-02-26T00:44:00.000",
"references": "[{\"url\": \"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2008/000008.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29117\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3700\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.coresecurity.com/?action=item\u0026id=2129\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/488725/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489739/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27944\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28276\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019493\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0005.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/support/player/doc/releasenotes_player.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/support/player2/doc/releasenotes_player2.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0679\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0905/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2008/000008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3700\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.coresecurity.com/?action=item\u0026id=2129\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/488725/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489739/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27944\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28276\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019493\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2008-0005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/support/player/doc/releasenotes_player.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/support/player2/doc/releasenotes_player2.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0905/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-0923\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-02-26T00:44:00.000\",\"lastModified\":\"2024-11-21T00:43:14.113\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \\\"%c0%2e%c0%2e\\\" string.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en la caracter\u00edstica de Archivos Compartidos de VMWare ACE 1.0.2 y 2.0.2, Player 1.0.4 y 2.0.2, y Workstation 5.5.4 y 6.0.2 permite a usuarios de SO invitados leer y escribir archivos de su elecci\u00f3n en el SO anfitri\u00f3n a trav\u00e9s de una cadena multibyte que produce una cadena de caracteres ancha que contiene secuencias de .. (punto punto), lo que evita el mecanismo de protecci\u00f3n, como se demostr\u00f3 usando una cadena \\\"%c0%2e%c0%2e\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D346E48-887C-4D02-BFD3-D323B7F3871C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E1A5AA-BD9F-4263-B7C6-E744323C4D74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D22E40D-C362-49FD-924C-262A64555934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A48CEB4-5864-4A0F-B14C-CFE4699C3311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_player:1.0.1_build_19317:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7764D48A-2D43-413F-9214-AE754DDCF68F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65DD6966-72EA-4C4D-BC90-B0D534834BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBFC9B7A-8A40-467B-9102-EE5259EC4D14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B7632A4-D120-434D-B35A-303640DB37AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DFFE01E-BD0A-432E-B47C-D68DAADDD075\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD0FE7C5-2C46-4B59-9242-A03B986C07DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C6D608-64DE-4CC4-9869-3342E8FD707F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A1141D-9718-4A22-8FF2-AEAD28E07291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89329F80-7134-4AB2-BDA3-E1B887F633B0\"}]}]}],\"references\":[{\"url\":\"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29117\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3700\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.coresecurity.com/?action=item\u0026id=2129\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/488725/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/489739/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27944\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28276\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019493\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/support/player/doc/releasenotes_player.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/support/player2/doc/releasenotes_player2.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0679\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0905/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=1004034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3700\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.coresecurity.com/?action=item\u0026id=2129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/488725/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/489739/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28276\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/player/doc/releasenotes_player.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/player2/doc/releasenotes_player2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0905/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.