CVE-2008-2098

Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/30476	Vendor Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.securityfocus.com/archive/1/492831/100/0/threaded
http://www.securitytracker.com/id?1020148
http://www.vmware.com/security/advisories/VMSA-2008-0008.html
http://www.vupen.com/english/advisories/2008/1707/references	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42753

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:ace_2:2.0:::::::*
	cpe:2.3:a:vmware:ace_2:2.01:::::::*
	cpe:2.3:a:vmware:fusion:1.1:::::::*
	cpe:2.3:a:vmware:fusion:1.1.1:::::::*
	cpe:2.3:a:vmware:vmware_player_2:2.0:::::::*
	cpe:2.3:a:vmware:vmware_player_2:2.01:::::::*
	cpe:2.3:a:vmware:vmware_player_2:2.02:::::::*
	cpe:2.3:a:vmware:vmware_player_2:2.03:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.03:::::::*
	cpe:2.3:a:vmware:workstation:6.0:::::::*

History

No history.

Information

Published : 2008-06-02 21:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-2098

Mitre link : CVE-2008-2098

CVE.ORG link : CVE-2008-2098

JSON object : View

Products Affected

vmware

ace_2
vmware_player_2
workstation
vmware_workstation
fusion

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-2098", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-06-02T21:30:00.000", "references": [{"url": "http://secunia.com/advisories/30476", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1020148", "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1707/references", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el VMware Host Guest File System (HGFS) en VMware Workstation versiones 6 anteriores a 6.0.4 build 93057, VMware Player versiones 2 anteriores a 2.0.4 build 93057, VMware ACE versiones 2 anteriores a 2.0.2 build 93057 y VMware Fusion versiones anteriores a 1.1.2 build 87978, cuando el uso compartido de carpetas es utilizado, permite a los usuarios del SO invitado ejecutar c\u00f3digo arbitrario sobre el SO host por medio de vectores no especificados."}], "lastModified": "2018-10-11T20:39:19.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:ace_2:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8476A347-FBF2-4235-8483-7365BAF700A8"}, {"criteria": "cpe:2.3:a:vmware:ace_2:2.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7AD3DFD-6211-438F-9483-E82B346DBA19"}, {"criteria": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE"}, {"criteria": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD"}, {"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BDF5387-1F1B-42AF-B33D-E4392D61D89C"}, {"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A7B9138-51C8-433D-80B5-70FBB09732DE"}, {"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CF74F13-1247-4D40-816A-FF5B2E00FAF5"}, {"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B6F83E6-1325-4B96-B253-7B031B5BA563"}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB"}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075"}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "652DCCCA-2C0F-482F-AD1C-F3913BD3430D"}, {"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}