[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0923Date: (C)2008-02-25   (M)2023-12-22


Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019493
http://www.securityfocus.com/archive/1/488725/100/0/threaded
http://www.securityfocus.com/archive/1/489739/100/0/threaded
BID-27944
BID-28276
SECUNIA-29117
SREASON-3700
ADV-2008-0679
ADV-2008-0905
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
http://www.coresecurity.com/?action=item&id=2129
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
vmware-sharedfolders-directory-traversal(40837)

CPE    7
cpe:/a:vmware:workstation:5.5.3_build_34685
cpe:/a:vmware:workstation:5.5.4
cpe:/a:vmware:ace:1.0
cpe:/a:vmware:ace:2.0
...
CWE    1
CWE-22
OVAL    1
oval:org.secpod.oval:def:36417

© SecPod Technologies