CVE-2008-3892

VMware - COM API ActiveX Remote Buffer Overflow (PoC)

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.

Desbordamiento de búfer en un cierto control ActiveX en el COM API de VMware Workstation 5.5.x versiones anteriores a 5.5.8 build 108000, VMware Workstation 6.0.x versiones anteriores a 6.0.5 build 109488, VMware Player 1.x versiones anteriores a 1.0.8 build 108000, VMware Player 2.x versiones anteriores a 2.0.5 build 109488, VMware ACE 1.x versiones anteriores a 1.0.7 build 108880, VMware ACE 2.x versiones anteriores a 2.0.5 build 109488, and VMware Server versiones anteriores a 1.0.7 build 108231 permite a atacantes remotos provocar una denegación de servicio (caída del navegador) o posiblemente ejecutar código de su elección a través de una llamada al método GuestInfo en el cual hay un argumento de cadena largo, y un asignamiento de un valor de cadena largo al resultado de esa llamada.
NOTA: esto puede superponerse a CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, o CVE-2008-3696.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-09-03 CVE Reserved
2008-09-03 CVE Published
2024-05-25 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (19)

URL	Tag	Source
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	Mailing List
http://securityreason.com/securityalert/4202	Third Party Advisory
http://www.securityfocus.com/archive/1/495869/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/29503	Third Party Advisory
http://www.securityfocus.com/bid/30934	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2466	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43062	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/6345	2024-08-07

URL	Date	SRC
http://secunia.com/advisories/31707	2018-11-01
http://secunia.com/advisories/31708	2018-11-01
http://secunia.com/advisories/31709	2018-11-01
http://secunia.com/advisories/31710	2018-11-01

URL	Date	SRC
http://www.vmware.com/support/ace/doc/releasenotes_ace.html	2018-11-01
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	2018-11-01
http://www.vmware.com/support/player/doc/releasenotes_player.html	2018-11-01
http://www.vmware.com/support/player2/doc/releasenotes_player2.html	2018-11-01
http://www.vmware.com/support/server/doc/releasenotes_server.html	2018-11-01
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	2018-11-01
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	2018-11-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vmware Search vendor "Vmware"		Ace Search vendor "Vmware" for product "Ace"				>= 1.0 < 1.0.7 Search vendor "Vmware" for product "Ace" and version " >= 1.0 < 1.0.7"		-		Affected
Vmware Search vendor "Vmware"		Ace Search vendor "Vmware" for product "Ace"				>= 2.0 < 2.0.5 Search vendor "Vmware" for product "Ace" and version " >= 2.0 < 2.0.5"		-		Affected
Vmware Search vendor "Vmware"		Player Search vendor "Vmware" for product "Player"				>= 1.0.0 < 1.0.8 Search vendor "Vmware" for product "Player" and version " >= 1.0.0 < 1.0.8"		-		Affected
Vmware Search vendor "Vmware"		Player Search vendor "Vmware" for product "Player"				>= 2.0 < 2.0.5 Search vendor "Vmware" for product "Player" and version " >= 2.0 < 2.0.5"		-		Affected
Vmware Search vendor "Vmware"		Server Search vendor "Vmware" for product "Server"				< 1.0.7 Search vendor "Vmware" for product "Server" and version " < 1.0.7"		-		Affected
Vmware Search vendor "Vmware"		Workstation Search vendor "Vmware" for product "Workstation"				>= 5.5 < 5.5.8 Search vendor "Vmware" for product "Workstation" and version " >= 5.5 < 5.5.8"		-		Affected
Vmware Search vendor "Vmware"		Workstation Search vendor "Vmware" for product "Workstation"				>= 6.0 < 6.0.5 Search vendor "Vmware" for product "Workstation" and version " >= 6.0 < 6.0.5"		-		Affected