Vulnerability Monitor

CVE-2008-0923


Directory traversal vulnerability in the Shared Folders feature for VMware ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.


Published

2008-02-26T00:44:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-22

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | ace | 1.0 | Yes |
| Application | vmware | ace | 1.0.2 | Yes |
| Application | vmware | ace | 2.0 | Yes |
| Application | vmware | ace | 2.0.1 | Yes |
| Application | vmware | ace | 2.0.2 | Yes |
| Application | vmware | player | 1.0.4 | Yes |
| Application | vmware | vmware_player | 1.0.1_build_19317 | Yes |
| Application | vmware | vmware_player | 1.0.2 | Yes |
| Application | vmware | vmware_player | 1.0.3 | Yes |
| Application | vmware | vmware_workstation | 6.0.1 | Yes |
| Application | vmware | vmware_workstation | 6.0.2 | Yes |
| Application | vmware | workstation | 4.5.2 | Yes |
| Application | vmware | workstation | 5.5.3_build_34685 | Yes |
| Application | vmware | workstation | 5.5.4 | Yes |
| Application | vmware | workstation | 6.0 | Yes |

References