ID CVE-2008-1340
Summary Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:player:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_server:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_server:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:5.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 11-10-2018 - 20:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
bid
  • 28276
  • 28289
bugtraq 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
confirm
gentoo GLSA-201209-25
mlist [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
sectrack 1019624
sreason 3755
vupen ADV-2008-0905
xf vmware-vmci-dos(41250)
Last major update 11-10-2018 - 20:31
Published 20-03-2008 - 00:44
Back to Top