CVE-2008-1363
First published: Thu Mar 20 2008(Updated: )
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows | ||
| VMware ACE | >=1.0<1.0.5 | |
| VMware ACE | >=2.0<2.0.1 | |
| VMware Player | >=1.0.0<1.0.6 | |
| VMware Player | >=2.0<2.0.3 | |
| VMware Server | >=1.0<1.0.5 | |
| VMware Workstation | >=5.5<5.5.6 | |
| VMware Workstation | >=6.0<6.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.vmware.com/pipermail/security-announce/2008/000008.html
- http://www.vmware.com/security/advisories/VMSA-2008-0005.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.securityfocus.com/bid/28276
- http://securitytracker.com/id?1019622
- http://securityreason.com/securityalert/3755
- http://www.vupen.com/english/advisories/2008/0905/references
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41252
- http://www.securityfocus.com/archive/1/489739/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-1363?
CVE-2008-1363 is classified as a moderate severity vulnerability allowing local users to gain privileges.
How do I fix CVE-2008-1363?
To address CVE-2008-1363, upgrade VMware Workstation to version 6.0.3, Player to version 2.0.3, ACE to version 2.0.1, or Server to version 1.0.5 or later.
Which VMware products are affected by CVE-2008-1363?
CVE-2008-1363 affects VMware Workstation 6.0.x before 6.0.3, 5.5.x before 5.5.6, Player 2.0.x before 2.0.3, ACE 2.0.x before 2.0.1, and Server 1.0.x before 1.0.5.
Can CVE-2008-1363 be exploited remotely?
No, CVE-2008-1363 can only be exploited locally by users with access to the affected VMware applications.
What type of attack does CVE-2008-1363 facilitate?
CVE-2008-1363 facilitates privilege escalation, allowing local users to gain elevated privileges within the VMware environment.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/microsoft
- canonical/microsoft windows
- vendor/vmware
- canonical/vmware ace
- version/vmware ace/1.0
- version/vmware ace/2.0
- canonical/vmware player
- version/vmware player/1.0.0
- version/vmware player/2.0
- canonical/vmware server
- version/vmware server/1.0
- canonical/vmware workstation
- version/vmware workstation/5.5
- version/vmware workstation/6.0