{"api_version":"1","generated_at":"2026-05-13T10:34:53+00:00","cve":"CVE-2008-0923","urls":{"html":"https://cve.report/CVE-2008-0923","api":"https://cve.report/api/cve/CVE-2008-0923.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-0923","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-0923"},"summary":{"title":"CVE-2008-0923","description":"Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-02-26 00:44:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-22","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.9","severity":"","vector":"AV:L/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034","name":"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware \tSelf-Service-    Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/player/doc/releasenotes_player.html","name":"http://www.vmware.com/support/player/doc/releasenotes_player.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Player Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html","name":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Full-disclosure] Format string and buffer-overflow in SurgeMail\t38k4","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html","name":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Security-announce] VMSA-2008-0005 Updated VMware Workstation,\n VMware Player, VMware\n Server, VMware ACE, and VMware Fusion resolve critical security issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0679","name":"http://www.vupen.com/english/advisories/2008/0679","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/29117","name":"http://secunia.com/advisories/29117","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Products Shared Folders Directory Traversal Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/0905/references","name":"http://www.vupen.com/english/advisories/2008/0905/references","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html","name":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMSA-2008-0005.1 - VMware","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html","name":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware ACE Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/3700","name":"http://securityreason.com/securityalert/3700","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityReason - Path Traversal vulnerability in VMware's shared folders implementation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html","name":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Workstation 6 Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html","name":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Player Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/27944","name":"http://www.securityfocus.com/bid/27944","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Products Shared Folders 'MultiByteToWideChar()' Variant Directory Traversal Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/488725/100/0/threaded","name":"http://www.securityfocus.com/archive/1/488725/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html","name":"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Workstation 5.5 Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/489739/100/0/threaded","name":"http://www.securityfocus.com/archive/1/489739/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019493","name":"http://www.securitytracker.com/id?1019493","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Shared Folder Bug Lets Local Users on the Guest OS Gain Elevated Privileges on the Host OS - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.coresecurity.com/?action=item&id=2129","name":"http://www.coresecurity.com/?action=item&id=2129","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Core Security Technologies","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/28276","name":"http://www.securityfocus.com/bid/28276","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-0923","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-0923","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"ace","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"ace","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"ace","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"ace","cpe6":"2.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"ace","cpe6":"2.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"player","cpe6":"1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"vmware_player","cpe6":"1.0.1_build_19317","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"vmware_player","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"vmware_player","cpe6":"1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"vmware_workstation","cpe6":"6.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"vmware_workstation","cpe6":"6.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"workstation","cpe6":"4.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"workstation","cpe6":"5.5.3_build_34685","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"workstation","cpe6":"5.5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"923","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"workstation","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T08:01:40.085Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"27944","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/27944"},{"name":"29117","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29117"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.coresecurity.com/?action=item&id=2129"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"},{"name":"20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/488725/100/0/threaded"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/player/doc/releasenotes_player.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"},{"name":"1019493","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019493"},{"name":"20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/489739/100/0/threaded"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034"},{"name":"[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"},{"name":"ADV-2008-0905","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0905/references"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html"},{"name":"vmware-sharedfolders-directory-traversal(40837)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"},{"name":"ADV-2008-0679","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0679"},{"name":"20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"},{"name":"28276","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/28276"},{"name":"3700","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3700"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-02-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"27944","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/27944"},{"name":"29117","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29117"},{"tags":["x_refsource_MISC"],"url":"http://www.coresecurity.com/?action=item&id=2129"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"},{"name":"20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/488725/100/0/threaded"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/player/doc/releasenotes_player.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"},{"name":"1019493","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019493"},{"name":"20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/489739/100/0/threaded"},{"tags":["x_refsource_CONFIRM"],"url":"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034"},{"name":"[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"},{"name":"ADV-2008-0905","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0905/references"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html"},{"name":"vmware-sharedfolders-directory-traversal(40837)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"},{"name":"ADV-2008-0679","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0679"},{"name":"20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"},{"name":"28276","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/28276"},{"name":"3700","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3700"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-0923","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"27944","refsource":"BID","url":"http://www.securityfocus.com/bid/27944"},{"name":"29117","refsource":"SECUNIA","url":"http://secunia.com/advisories/29117"},{"name":"http://www.coresecurity.com/?action=item&id=2129","refsource":"MISC","url":"http://www.coresecurity.com/?action=item&id=2129"},{"name":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"},{"name":"20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/488725/100/0/threaded"},{"name":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html"},{"name":"http://www.vmware.com/support/player/doc/releasenotes_player.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/player/doc/releasenotes_player.html"},{"name":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"},{"name":"1019493","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019493"},{"name":"20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/489739/100/0/threaded"},{"name":"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034","refsource":"CONFIRM","url":"http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034"},{"name":"[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","refsource":"MLIST","url":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html"},{"name":"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"},{"name":"ADV-2008-0905","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0905/references"},{"name":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html","refsource":"CONFIRM","url":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html"},{"name":"vmware-sharedfolders-directory-traversal(40837)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"},{"name":"ADV-2008-0679","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0679"},{"name":"20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"},{"name":"28276","refsource":"BID","url":"http://www.securityfocus.com/bid/28276"},{"name":"3700","refsource":"SREASON","url":"http://securityreason.com/securityalert/3700"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-0923","datePublished":"2008-02-26T00:00:00.000Z","dateReserved":"2008-02-25T00:00:00.000Z","dateUpdated":"2024-08-07T08:01:40.085Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-02-26 00:44:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-22","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*","matchCriteriaId":"6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2D346E48-887C-4D02-BFD3-D323B7F3871C"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*","matchCriteriaId":"A8E1A5AA-BD9F-4263-B7C6-E744323C4D74"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9D22E40D-C362-49FD-924C-262A64555934"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8A48CEB4-5864-4A0F-B14C-CFE4699C3311"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vmware_player:1.0.1_build_19317:*:*:*:*:*:*:*","matchCriteriaId":"7764D48A-2D43-413F-9214-AE754DDCF68F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"65DD6966-72EA-4C4D-BC90-B0D534834BA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"EBFC9B7A-8A40-467B-9102-EE5259EC4D14"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5B7632A4-D120-434D-B35A-303640DB37AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6DFFE01E-BD0A-432E-B47C-D68DAADDD075"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*","matchCriteriaId":"AD0FE7C5-2C46-4B59-9242-A03B986C07DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*","matchCriteriaId":"51C6D608-64DE-4CC4-9869-3342E8FD707F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*","matchCriteriaId":"16A1141D-9718-4A22-8FF2-AEAD28E07291"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"89329F80-7134-4AB2-BDA3-E1B887F633B0"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"923","Ordinal":"1","Title":"CVE-2008-0923","CVE":"CVE-2008-0923","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"923","Ordinal":"1","NoteData":"Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string.","Type":"Description","Title":"CVE-2008-0923"},{"CveYear":"2008","CveId":"923","Ordinal":"2","NoteData":"2008-02-25","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"923","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}