CVE-2008-2100: Buffer Overflow
First published: Thu Jun 05 2008(Updated: )
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Fusion Pro | <=1.1.1 | |
| VMware ESX | =3.0 | |
| VMware ESXi | =3.5 | |
| VMware ESX | =3.5 | |
| VMware ESX | =3.5 | |
| VMware ESX | =2.5.4 | |
| VMware ESX | =3.0.0 | |
| VMware ESX | =3.0.2 | |
| VMware ESX | =3.0.1 | |
| VMware Workstation | >=5.5<=5.5.6 | |
| VMware Workstation | >=6.0<=6.0.3 | |
| VMware Player | >=2.0<=2.0.3 | |
| VMware Player | >=1.0.0<=1.0.6 | |
| VMware ACE | >=1.0<=1.0.5 | |
| VMware ACE | >=2.0<=2.0.3 | |
| VMware Server | <=1.0.5 | |
| VMware ESX | =2.5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- http://securitytracker.com/id?1020200
- http://secunia.com/advisories/30556
- http://www.securityfocus.com/bid/29552
- http://securityreason.com/securityalert/3922
- http://www.vupen.com/english/advisories/2008/1744
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42872
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-2100?
CVE-2008-2100 is considered a high severity vulnerability due to the potential for arbitrary code execution on the host operating system.
How do I fix CVE-2008-2100?
To fix CVE-2008-2100, upgrade to VMware products version 1.1.4 build 93057 or later.
What software is affected by CVE-2008-2100?
CVE-2008-2100 affects multiple VMware products including Workstation 5.x and 6.x, Player 1.x and 2.x, and ESXi 3.5.
Can CVE-2008-2100 be exploited remotely?
Yes, CVE-2008-2100 can potentially be exploited by unauthorized users on guest operating systems to take control of the host.
What are the potential impacts of exploiting CVE-2008-2100?
Exploiting CVE-2008-2100 may allow an attacker to execute arbitrary code on the host system, compromising the security and integrity of the host.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware fusion pro
- version/vmware fusion pro/1.1.1
- canonical/vmware esx
- version/vmware esx/3.0
- canonical/vmware esxi
- version/vmware esxi/3.5
- version/vmware esx/3.5
- version/vmware esx/2.5.4
- version/vmware esx/3.0.0
- version/vmware esx/3.0.2
- version/vmware esx/3.0.1
- canonical/vmware workstation
- version/vmware workstation/5.5
- version/vmware workstation/5.5.6
- version/vmware workstation/6.0
- version/vmware workstation/6.0.3
- canonical/vmware player
- version/vmware player/2.0
- version/vmware player/2.0.3
- version/vmware player/1.0.0
- version/vmware player/1.0.6
- canonical/vmware ace
- version/vmware ace/1.0
- version/vmware ace/1.0.5
- version/vmware ace/2.0
- version/vmware ace/2.0.3
- canonical/vmware server
- version/vmware server/1.0.5
- version/vmware esx/2.5.5