Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1363

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-1363
Last Modified 14 May 2013 10:39:19
Published 19 Mar 2008 08:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1363

Summary

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."

Vulnerable Systems

Application

  • Vmware Ace 2.0

  • Vmware Player 1.0.5

  • Vmware Player 2.0.2

  • Vmware Server 1.0.4

  • Vmware Workstation 5.5.5

  • Vmware Workstation 6.0.2


References

CONFIRM - http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

CONFIRM - http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

CONFIRM - http://www.vmware.com/support/server/doc/releasenotes_server.html

CONFIRM - http://www.vmware.com/support/player2/doc/releasenotes_player2.html

CONFIRM - http://www.vmware.com/support/player/doc/releasenotes_player.html

CONFIRM - http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0005.html

BID - 28276

XF - vmware-config-privilege-escalation(41252)

VUPEN - ADV-2008-0905

BUGTRAQ - 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

SECTRACK - 1019622

SREASON - 3755

MLIST - [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

GENTOO - GLSA-201209-25


Last Updated: 27 May 2016 10:47:25