CVE-2008-2098: Buffer Overflow
First published: Mon Jun 02 2008(Updated: )
Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Player | =2.01 | |
| VMware Fusion Pro | =1.1 | |
| VMware Fusion Pro | =1.1.1 | |
| VMware Player | =2.03 | |
| VMware Workstation | =6.0 | |
| VMware ACE 2 | =2.01 | |
| VMware Player | =2.0 | |
| VMware VMware Workstation | =6.0.2 | |
| VMware Player | =2.02 | |
| VMware VMware Workstation | =6.0.1 | |
| VMware ACE 2 | =2.0 | |
| VMware VMware Workstation | =6.03 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vmware.com/security/advisories/VMSA-2008-0008.html
- http://www.vupen.com/english/advisories/2008/1707/references
- http://secunia.com/advisories/30476
- http://www.securitytracker.com/id?1020148
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42753
- http://www.securityfocus.com/archive/1/492831/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-2098?
CVE-2008-2098 has a high severity due to its potential to allow remote code execution.
How do I fix CVE-2008-2098?
To fix CVE-2008-2098, upgrade to VMware Workstation 6.0.4 or later, VMware Player 2.0.4 or later, VMware ACE 2.0.2 or later, or VMware Fusion 1.1.2 or later.
Which products are affected by CVE-2008-2098?
CVE-2008-2098 affects VMware Workstation 6.0, VMware Player 2.x, VMware ACE 2.x, and VMware Fusion versions before the specified builds.
What type of vulnerability is CVE-2008-2098?
CVE-2008-2098 is a heap-based buffer overflow vulnerability that occurs when folder sharing is used.
Can CVE-2008-2098 be exploited remotely?
Yes, CVE-2008-2098 can be exploited remotely by guest OS users through the VMware Host Guest File System.
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware player
- version/vmware player/2.01
- canonical/vmware fusion pro
- version/vmware fusion pro/1.1
- version/vmware fusion pro/1.1.1
- version/vmware player/2.03
- canonical/vmware workstation
- version/vmware workstation/6.0
- canonical/vmware ace 2
- version/vmware ace 2/2.01
- version/vmware player/2.0
- canonical/vmware vmware workstation
- version/vmware vmware workstation/6.0.2
- version/vmware player/2.02
- version/vmware vmware workstation/6.0.1
- version/vmware ace 2/2.0
- version/vmware vmware workstation/6.03