CVE-2008-1392

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
OR cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:44

Type Values Removed Values Added
References () http://lists.vmware.com/pipermail/security-announce/2008/000008.html - () http://lists.vmware.com/pipermail/security-announce/2008/000008.html -
References () http://security.gentoo.org/glsa/glsa-201209-25.xml - () http://security.gentoo.org/glsa/glsa-201209-25.xml -
References () http://securityreason.com/securityalert/3755 - () http://securityreason.com/securityalert/3755 -
References () http://www.securityfocus.com/archive/1/489739/100/0/threaded - () http://www.securityfocus.com/archive/1/489739/100/0/threaded -
References () http://www.securityfocus.com/bid/28276 - () http://www.securityfocus.com/bid/28276 -
References () http://www.vmware.com/security/advisories/VMSA-2008-0005.html - Patch, Vendor Advisory () http://www.vmware.com/security/advisories/VMSA-2008-0005.html - Patch, Vendor Advisory
References () http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html - Patch, Vendor Advisory () http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html - Patch, Vendor Advisory
References () http://www.vmware.com/support/player2/doc/releasenotes_player2.html - Patch, Vendor Advisory () http://www.vmware.com/support/player2/doc/releasenotes_player2.html - Patch, Vendor Advisory
References () http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html - () http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41551 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41551 -

Information

Published : 2008-03-20 00:44

Updated : 2024-11-21 00:44


NVD link : CVE-2008-1392

Mitre link : CVE-2008-1392

CVE.ORG link : CVE-2008-1392


JSON object : View

Products Affected

vmware

  • player
  • ace
  • vmware_workstation

microsoft

  • windows
CWE
CWE-16

Configuration