Vulnerability CVE-2008-3694


Published: 2008-09-03   Modified: 2012-02-12

Description:
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696.

See advisories in our WLB2 database:
Topic
Author
Date
High
VMware * address information disclosure, privilege escalation and other security issues.
VMware Security ...
03.09.2008

Type:

CWE-noinfo

Vendor: Vmware
Product: Workstation 
Version:
6.0.4
6.0.3
6.0.2
6.0.1_build_55017
6.0.1
6.0
5.5.7
5.5.6
5.5.5_build_56455
5.5.5
5.5.4_build_44386
5.5.4
5.5.3_build_42958
5.5.3_build_34685
5.5.3
5.5.2
5.5.1_build_19175
5.5.1
5.5.0_build_13124
5.5
Product: Vmware workstation 
Version:
6.0.4
6.0.3
6.0.2
6.0.1
5.5.7
5.5.6
5.5.5
5.5.2
Product: Vmware player 
Version:
2.0.4
2.0.3
2.0.2
2.0.1
1.0.7
1.0.6
1.0.5
1.0.3
1.0.2
1.0.1
Product: Player 
Version:
2.0.4
2.0.3
2.0.2
2.0.1_build_55017
2.0.1
2.0
1.0.7
1.0.6
1.0.5_build_56455
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
1.0
Product: ACE 
Version:
2.0.4
2.0.3
2.0.2
2.0.1_build_55017
2.0.1
2.0
1.0.6
1.0.5
1.0.4
1.0.3_build_54075
1.0.3
1.0.2
1.0.1
1.0
Product: Server 
Version:
1.0.6
1.0.5
1.0.4_build_56528
1.0.4
1.0.3
1.0.2
1.0.1_build_29996
1.0.1
1.0
Product: Vmware server 
Version:
1.0.6
1.0.5
1.0.4
1.0.2
1.0.1
1.0

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://securityreason.com/securityalert/4202
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/30934
http://www.securitytracker.com/id?1020791
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/2466

Related CVE
CVE-2018-6982
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
CVE-2018-6981
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below co...
CVE-2018-11077
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerabili...
CVE-2018-11076
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may b...
CVE-2018-11067
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerabilit...
CVE-2018-11066
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerab...
CVE-2018-6977
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user ...
CVE-2018-6970
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less...

Copyright 2019, cxsecurity.com

 

Back to Top