Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-1362

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges or cause a denial of service by impersonating the authd process through an unspecified use of an "insecurely created named pipe," a different vulnerability than CVE-2008-1361.

Published

2008-03-20T00:44:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application vmware ace 1.0 Yes
Application vmware ace 2.0 Yes
Application vmware player 1.0.2 Yes
Application vmware player 1.0.3 Yes
Application vmware player 1.0.4 Yes
Application vmware player 1.0.5 Yes
Application vmware player 2.0 Yes
Application vmware player 2.0.1 Yes
Application vmware player 2.0.2 Yes
Application vmware server 1.0.3 Yes
Application vmware vmware_server 1.0.2 Yes
Application vmware vmware_server 1.0.4 Yes
Application vmware vmware_workstation 5.5.5 Yes
Application vmware vmware_workstation 6.0.1 Yes
Application vmware vmware_workstation 6.0.2 Yes
Application vmware workstation 5.5 Yes
Application vmware workstation 5.5.3_build_34685 Yes
Application vmware workstation 5.5.3_build_42958 Yes
Application vmware workstation 5.5.4 Yes
Application vmware workstation 5.5.4_build_44386 Yes
Application vmware workstation 6.0 Yes
References