Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1392

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-1392
Last Modified 14 May 2013 10:39:26
Published 19 Mar 2008 08:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1392

Summary

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

Vulnerable Systems

Application

  • Vmware Ace 2.0

  • Vmware Player 2.0.2

  • Vmware Workstation 6.0.2


References

CONFIRM - http://www.vmware.com/support/player2/doc/releasenotes_player2.html

CONFIRM - http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0005.html

XF - vmware-vix-api-unspecified(41551)

CONFIRM - http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

BID - 28276

BUGTRAQ - 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

SREASON - 3755

MLIST - [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues

GENTOO - GLSA-201209-25


Last Updated: 27 May 2016 10:49:54