7.2

CVE-2008-1363

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareAce Version >= 1.0 < 1.0.5
   MicrosoftWindows
VMwareAce Version >= 2.0 < 2.0.1
   MicrosoftWindows
VMwarePlayer Version >= 1.0.0 < 1.0.6
   MicrosoftWindows
VMwarePlayer Version >= 2.0 < 2.0.3
   MicrosoftWindows
VMwareServer Version >= 1.0 < 1.0.5
   MicrosoftWindows
VMwareWorkstation Version >= 5.5 < 5.5.6
   MicrosoftWindows
VMwareWorkstation Version >= 6.0 < 6.0.3
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.337
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
Vendor Advisory
http://www.securityfocus.com/archive/1/489739/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/28276
Patch
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
Patch
Vendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Patch
Vendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.html
Patch
Vendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Patch
Vendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.html
Patch
Vendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Patch
Vendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2008/0905/references
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xml
Third Party Advisory
http://securityreason.com/securityalert/3755
Third Party Advisory
http://securitytracker.com/id?1019622
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41252
Third Party Advisory
VDB Entry