[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Directory traversal vulnerability in VMware Workstation and VMware Player via a multibyte string

ID: oval:org.secpod.oval:def:36417Date: (C)2016-08-03   (M)2021-06-06
Class: VULNERABILITYFamily: windows




The host is installed with VMware Workstation 5.5.4, 6.0.2, VMware Player 1.0.4 or 2.0.2 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle a crafted VMCI calls that trigger memory. Successful exploitation allows attackers to allows guest OS users to read and write arbitrary files on the host OS string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism.

Platform:
Microsoft Windows Server 2022
Microsoft Windows 11
Microsoft Windows Server 2019
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product:
VMware Player
VMware Workstation
Reference:
CVE-2008-0923
CVE    1
CVE-2008-0923
CPE    7
cpe:/a:vmware:workstation:5.5.3_build_34685
cpe:/a:vmware:workstation:4.5.2
cpe:/a:vmware:workstation:5.5.4
cpe:/a:vmware:workstation:6.0
...

© SecPod Technologies