Vulnerability CVE-2008-3698


Published: 2008-09-03   Modified: 2012-02-12

Description:
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.

See advisories in our WLB2 database:
Topic
Author
Date
High
VMware * address information disclosure, privilege escalation and other security issues.
VMware Security ...
03.09.2008

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Vmware
Product: Vmware workstation 
Version:
6.0.4
6.0.3
6.0.2
6.0.1
5.5.7
5.5.6
5.5.5
5.5.2
5.5.0
Product: Workstation 
Version:
6.0.4
6.0.3
6.0.2
6.0.1_build_55017
6.0.1
6.0
5.5.7
5.5.6
5.5.5_build_56455
5.5.5
5.5.4_build_44386
5.5.4
5.5.3_build_42958
5.5.3_build_34685
5.5.3
5.5.2
5.5.1_build_19175
5.5.1
5.5.0_build_13124
5.5
Product: Vmware player 
Version:
2.0.4
2.0.3
2.0.2
2.0.1
1.0.7
1.0.6
1.0.5
1.0.3
1.0.2
1.0.1
Product: Player 
Version:
2.0.4
2.0.3
2.0.2
2.0.1_build_55017
2.0.1
2.0
1.0.7
1.0.6
1.0.5_build_56455
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
1.0
Product: ACE 
Version:
2.0.4
2.0.3
2.0.2
2.0.1_build_55017
2.0.1
2.0
1.0.6
1.0.5
1.0.4
1.0.3_build_54075
1.0.3
1.0.2
1.0.1
1.0
Product: Server 
Version:
1.0.6
1.0.5
1.0.4_build_56528
1.0.4
1.0.3
1.0.2
1.0.1_build_29996
1.0.1
1.0
Product: Vmware server 
Version:
1.0.6
1.0.5
1.0.4
1.0.2
1.0.1
1.0

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://securityreason.com/securityalert/4202
http://securitytracker.com/id?1020790
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/30936
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/2466
https://exchange.xforce.ibmcloud.com/vulnerabilities/44795

Related CVE
CVE-2019-5520
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitat...
CVE-2019-5517
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the sha...
CVE-2019-5516
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex...
CVE-2019-5519
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU)...
CVE-2019-5518
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerab...
CVE-2018-6982
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
CVE-2018-6981
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below co...
CVE-2018-11077
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerabili...

Copyright 2019, cxsecurity.com

 

Back to Top