CVE-2008-1363
First published: Thu Mar 20 2008(Updated: )
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows | ||
| VMware ACE | >=1.0<1.0.5 | |
| VMware ACE | >=2.0<2.0.1 | |
| VMware Player | >=1.0.0<1.0.6 | |
| VMware Player | >=2.0<2.0.3 | |
| VMware Server | >=1.0<1.0.5 | |
| VMware Workstation | >=5.5<5.5.6 | |
| VMware Workstation | >=6.0<6.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.vmware.com/pipermail/security-announce/2008/000008.html
- http://www.vmware.com/security/advisories/VMSA-2008-0005.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.securityfocus.com/bid/28276
- http://securitytracker.com/id?1019622
- http://securityreason.com/securityalert/3755
- http://www.vupen.com/english/advisories/2008/0905/references
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41252
- http://www.securityfocus.com/archive/1/489739/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft windows
- vendor/vmware
- canonical/vmware ace
- version/vmware ace/1.0
- version/vmware ace/2.0
- canonical/vmware player
- version/vmware player/1.0.0
- version/vmware player/2.0
- canonical/vmware server
- version/vmware server/1.0
- canonical/vmware workstation
- version/vmware workstation/5.5
- version/vmware workstation/6.0