CVE-2008-1392
 
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.
La configuración por defecto de VMware Workstation 6.0.2, VMware Player versiones 2.0.x anteriores a 2.0.3, y VMware ACE versiones 2.0.x anteriores a 2.0.1 permite el acceso a la consola del sistema operativo cliente mediante llamadas anónimas a la interfaz de programación de aplicaciones VIX, teniendo un impacto y vectores de ataque desconocidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-03-19 CVE Reserved
- 2008-03-20 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://lists.vmware.com/pipermail/security-announce/2008/000008.html | Mailing List | |
http://securityreason.com/securityalert/3755 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/489739/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/28276 | Vdb Entry | |
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41551 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.vmware.com/security/advisories/VMSA-2008-0005.html | 2018-10-11 | |
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html | 2018-10-11 | |
http://www.vmware.com/support/player2/doc/releasenotes_player2.html | 2018-10-11 |
URL | Date | SRC |
---|---|---|
http://security.gentoo.org/glsa/glsa-201209-25.xml | 2018-10-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Ace Search vendor "Vmware" for product "Ace" | <= 2.0 Search vendor "Vmware" for product "Ace" and version " <= 2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Player Search vendor "Vmware" for product "Player" | <= 2.0.2 Search vendor "Vmware" for product "Player" and version " <= 2.0.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
Vmware Search vendor "Vmware" | Vmware Workstation Search vendor "Vmware" for product "Vmware Workstation" | 6.0.2 Search vendor "Vmware" for product "Vmware Workstation" and version "6.0.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|