CVE-2008-3892

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html	Third Party Advisory
http://www.vmware.com/support/ace/doc/releasenotes_ace.html	Vendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	Vendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.html	Vendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.html	Vendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.html	Vendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	Vendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	Vendor Advisory
http://www.securityfocus.com/bid/30934	Third Party Advisory VDB Entry
http://secunia.com/advisories/31707	Patch Third Party Advisory
http://secunia.com/advisories/31708	Patch Third Party Advisory
http://secunia.com/advisories/31709	Patch Third Party Advisory
http://secunia.com/advisories/31710	Patch Third Party Advisory
http://securityreason.com/securityalert/4202	Third Party Advisory
http://www.securityfocus.com/bid/29503	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2466	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43062	VDB Entry
https://www.exploit-db.com/exploits/6345	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/495869/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:player::::::::
	cpe:2.3:a:vmware:ace::::::::
	cpe:2.3:a:vmware:ace::::::::
	cpe:2.3:a:vmware:server::::::::
	cpe:2.3:a:vmware:workstation::::::::
	cpe:2.3:a:vmware:player::::::::
	cpe:2.3:a:vmware:workstation::::::::

Information

Published : 2008-09-03 07:12

Updated : 2018-11-01 09:23

NVD link : CVE-2008-3892

Mitre link : CVE-2008-3892

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

vmware

ace
workstation
player
server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html", "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "tags": ["Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html", "name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html", "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html", "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/30934", "name": "30934", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/31707", "name": "31707", "tags": ["Patch", "Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31708", "name": "31708", "tags": ["Patch", "Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31709", "name": "31709", "tags": ["Patch", "Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31710", "name": "31710", "tags": ["Patch", "Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/4202", "name": "4202", "tags": ["Third Party Advisory"], "refsource": "SREASON"}, {"url": "http://www.securityfocus.com/bid/29503", "name": "29503", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2008/2466", "name": "ADV-2008-2466", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43062", "name": "vmware-comapi-guestinfo-bo(43062)", "tags": ["VDB Entry"], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/6345", "name": "6345", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded", "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3892", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-09-03T14:12Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.5", "versionStartIncluding": "2.0"}, {"cpe23Uri": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.7", "versionStartIncluding": "1.0"}, {"cpe23Uri": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.5", "versionStartIncluding": "2.0"}, {"cpe23Uri": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.7"}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.5.8", "versionStartIncluding": "5.5"}, {"cpe23Uri": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.8", "versionStartIncluding": "1.0.0"}, {"cpe23Uri": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.0.5", "versionStartIncluding": "6.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-01T16:23Z"}

10.0 /10