6.9
CVE-2008-0923
- EPSS 0.49%
- Veröffentlicht 26.02.2008 00:44:00
- Zuletzt bearbeitet 16.06.2026 22:50:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Vmware Player Version1.0.1_build_19317
VMware ≫ Vmware Player Version1.0.2
VMware ≫ Vmware Player Version1.0.3
VMware ≫ Vmware Workstation Version6.0.1
VMware ≫ Vmware Workstation Version6.0.2
VMware ≫ Workstation Version4.5.2
VMware ≫ Workstation Version5.5.3_build_34685
VMware ≫ Workstation Version5.5.4
VMware ≫ Workstation Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.379 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/28276
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/0905/references
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html
http://secunia.com/advisories/29117
http://securityreason.com/securityalert/3700
http://www.coresecurity.com/?action=item&id=2129
http://www.securityfocus.com/archive/1/488725/100/0/threaded
http://www.securityfocus.com/bid/27944
http://www.securitytracker.com/id?1019493
http://www.vupen.com/english/advisories/2008/0679
https://exchange.xforce.ibmcloud.com/vulnerabilities/40837