Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-1361

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.

Published

2008-03-20T00:44:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.1

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	ace	1.0	Yes
Application	vmware	ace	1.0.1	Yes
Application	vmware	ace	1.0.2	Yes
Application	vmware	ace	1.0.3	Yes
Application	vmware	ace	1.0.4	Yes
Application	vmware	ace	2.0	Yes
Application	vmware	player	1.0.2	Yes
Application	vmware	player	1.0.3	Yes
Application	vmware	player	1.0.4	Yes
Application	vmware	player	1.0.5	Yes
Application	vmware	player	2.0	Yes
Application	vmware	player	2.0.1	Yes
Application	vmware	player	2.0.2	Yes
Application	vmware	server	1.0.3	Yes
Application	vmware	vmware_server	1.0.0	Yes
Application	vmware	vmware_server	1.0.1	Yes
Application	vmware	vmware_server	1.0.2	Yes
Application	vmware	vmware_server	1.0.3	Yes
Application	vmware	vmware_server	1.0.4	Yes
Application	vmware	vmware_workstation	5.5.5	Yes
Application	vmware	vmware_workstation	6.0.1	Yes
Application	vmware	vmware_workstation	6.0.2	Yes
Application	vmware	workstation	5.5	Yes
Application	vmware	workstation	5.5.3_build_34685	Yes
Application	vmware	workstation	5.5.3_build_42958	Yes
Application	vmware	workstation	5.5.4	Yes
Application	vmware	workstation	5.5.4_build_44386	Yes
Application	vmware	workstation	6.0	Yes

References

http://lists.vmware.com/pipermail/security-announce/2008/000008.html ([email protected])
http://security.gentoo.org/glsa/glsa-201209-25.xml ([email protected])
http://securityreason.com/securityalert/3755 ([email protected])
http://securitytracker.com/id?1019621 ([email protected])
http://www.securityfocus.com/archive/1/489739/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/28276 Patch ([email protected])
http://www.vmware.com/security/advisories/VMSA-2008-0005.html Patch, Vendor Advisory ([email protected])
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html Patch, Vendor Advisory ([email protected])
http://www.vmware.com/support/player/doc/releasenotes_player.html Patch, Vendor Advisory ([email protected])
http://www.vmware.com/support/player2/doc/releasenotes_player2.html Patch, Vendor Advisory ([email protected])
http://www.vmware.com/support/server/doc/releasenotes_server.html Patch, Vendor Advisory ([email protected])
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Patch, Vendor Advisory ([email protected])
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ([email protected])
http://www.vupen.com/english/advisories/2008/0905/references ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/41257 ([email protected])
http://lists.vmware.com/pipermail/security-announce/2008/000008.html (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201209-25.xml (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3755 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1019621 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/489739/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28276 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2008-0005.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/support/player/doc/releasenotes_player.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/support/player2/doc/releasenotes_player2.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/support/server/doc/releasenotes_server.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0905/references (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41257 (af854a3a-2127-422b-91ae-364da2661108)