Vulnerability CVE-2008-3695


Published: 2008-09-03   Modified: 2012-02-12

Description:
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.

See advisories in our WLB2 database:
Topic
Author
Date
High
VMware * address information disclosure, privilege escalation and other security issues.
VMware Security ...
03.09.2008

Type:

CWE-noinfo

Vendor: Vmware
Product: Workstation 
Version:
6.0.4
6.0.3
6.0.2
6.0.1_build_55017
6.0.1
6.0
5.5.7
5.5.6
5.5.5_build_56455
5.5.5
5.5.4_build_44386
5.5.4
5.5.3_build_42958
5.5.3_build_34685
5.5.3
5.5.2
5.5.1_build_19175
5.5.1
5.5.0_build_13124
5.5
Product: Vmware workstation 
Version:
6.0.4
6.0.3
6.0.2
6.0.1
5.5.7
5.5.6
5.5.5
5.5.2
Product: Vmware player 
Version:
2.0.4
2.0.3
2.0.2
2.0.1
1.0.7
1.0.6
1.0.5
1.0.3
1.0.2
1.0.1
Product: Player 
Version:
2.0.4
2.0.3
2.0.2
2.0.1_build_55017
2.0.1
2.0
1.0.7
1.0.6
1.0.5_build_56455
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
1.0
Product: ACE 
Version:
2.0.4
2.0.3
2.0.2
2.0.1_build_55017
2.0.1
2.0
1.0.6
1.0.5
1.0.4
1.0.3_build_54075
1.0.3
1.0.2
1.0.1
1.0
Product: Server 
Version:
1.0.6
1.0.5
1.0.4_build_56528
1.0.4
1.0.3
1.0.2
1.0.1_build_29996
1.0.1
1.0
Product: Vmware server 
Version:
1.0.6
1.0.5
1.0.4
1.0.2
1.0.1
1.0

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://securityreason.com/securityalert/4202
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/30934
http://www.securitytracker.com/id?1020791
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/2466

Related CVE
CVE-2019-5528
VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available.
CVE-2019-5525
VMware Workstation (15.x before 15.1.0) contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with othe...
CVE-2019-5522
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-...
CVE-2019-5526
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges...
CVE-2019-5520
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitat...
CVE-2019-5517
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the sha...
CVE-2019-5516
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex...
CVE-2019-5515
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead...

Copyright 2019, cxsecurity.com

 

Back to Top