CVE-2008-0923
Summary
| CVE | CVE-2008-0923 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-02-26 00:44:00 UTC |
| Updated | 2018-10-15 22:03:00 UTC |
| Description | Directory traversal vulnerability in the Shared Folders feature for VMware ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vmware | Ace | 1.0 | All | All | All |
| Application | Vmware | Ace | 1.0.2 | All | All | All |
| Application | Vmware | Ace | 2.0 | All | All | All |
| Application | Vmware | Ace | 2.0.1 | All | All | All |
| Application | Vmware | Ace | 2.0.2 | All | All | All |
| Application | Vmware | Player | 1.0.4 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.1_build_19317 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.2 | All | All | All |
| Application | Vmware | Vmware Player | 1.0.3 | All | All | All |
| Application | Vmware | Vmware Workstation | 6.0.1 | All | All | All |
| Application | Vmware | Vmware Workstation | 6.0.2 | All | All | All |
| Application | Vmware | Workstation | 4.5.2 | All | All | All |
| Application | Vmware | Workstation | 5.5.3_build_34685 | All | All | All |
| Application | Vmware | Workstation | 5.5.4 | All | All | All |
| Application | Vmware | Workstation | 6.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [Full-disclosure] Format string and buffer-overflow in SurgeMail 38k4 | FULLDISC | lists.grok.org.uk | |
| VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory Traversal Vulnerability | BID | www.securityfocus.com | |
| VMware Workstation 6 Release Notes | CONFIRM | www.vmware.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| VMware Player Release Notes | CONFIRM | www.vmware.com | |
| VMSA-2008-0005.1 - VMware | CONFIRM | www.vmware.com | |
| [Security-announce] VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues | MLIST | lists.vmware.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| VMware Self-Service- Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE | CONFIRM | kb.vmware.com | |
| SecurityReason - Path Traversal vulnerability in VMware's shared folders implementation | SREASON | securityreason.com | |
| Core Security Technologies | MISC | www.coresecurity.com | |
| VMware Workstation 5.5 Release Notes | CONFIRM | www.vmware.com | |
| VMware ACE Release Notes | CONFIRM | www.vmware.com | |
| VMware Player Release Notes | CONFIRM | www.vmware.com | |
| VMware Shared Folder Bug Lets Local Users on the Guest OS Gain Elevated Privileges on the Host OS - SecurityTracker | SECTRACK | www.securitytracker.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| VMware Products Shared Folders Directory Traversal Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities | BID | www.securityfocus.com | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.