7.2

CVE-2008-2100

Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
VMwareAce Version >= 1.0 <= 1.0.5
VMwareAce Version >= 2.0 <= 2.0.3
VMwareEsx Server Version3.0
VMwareEsx Server Version3.5
VMwareEsxi Version3.5
VMwareFusion Version <= 1.1.1
VMwarePlayer Version >= 1.0.0 <= 1.0.6
VMwarePlayer Version >= 2.0 <= 2.0.3
VMwareServer Version <= 1.0.5
VMwareWorkstation Version >= 5.5 <= 5.5.6
VMwareWorkstation Version >= 6.0 <= 6.0.3
VMwareEsx Version2.5.4
VMwareEsx Version2.5.5
VMwareEsx Version3.0.0
VMwareEsx Version3.0.1
VMwareEsx Version3.0.2
VMwareEsx Version3.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.15% 0.366
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://securitytracker.com/id?1020200
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/29552
Third Party Advisory
VDB Entry