CVE-2008-1392
First published: Thu Mar 20 2008(Updated: )
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows | ||
| VMware ACE | <=2.0 | |
| VMware Player | <=2.0.2 | |
| VMware VMware Workstation | =6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.vmware.com/pipermail/security-announce/2008/000008.html
- http://www.vmware.com/security/advisories/VMSA-2008-0005.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.securityfocus.com/bid/28276
- http://securityreason.com/securityalert/3755
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41551
- http://www.securityfocus.com/archive/1/489739/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-1392?
CVE-2008-1392 is considered to have an unknown severity due to its potential impact and attack vectors.
How do I fix CVE-2008-1392?
To mitigate CVE-2008-1392, update VMware Workstation to version 6.0.3 or later, VMware Player to version 2.0.3 or later, or VMware ACE to version 2.0.1 or later.
Which VMware products are affected by CVE-2008-1392?
CVE-2008-1392 affects VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1.
What vulnerability does CVE-2008-1392 describe?
CVE-2008-1392 describes a vulnerability that allows the console of the guest OS to be accessed through anonymous VIX API calls.
Are there known exploits for CVE-2008-1392?
As of now, there are no publicly documented exploits specifically targeting CVE-2008-1392.
- collector/nvd-historical
- agent/references
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/microsoft
- canonical/microsoft windows
- vendor/vmware
- canonical/vmware ace
- version/vmware ace/2.0
- canonical/vmware player
- version/vmware player/2.0.2
- canonical/vmware vmware workstation
- version/vmware vmware workstation/6.0.2