CVE-2008-3691
First published: Wed Sep 03 2008(Updated: )
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ACE | >=1.0<1.0.7 | |
| VMware ACE | >=2.0<2.0.5 | |
| VMware Player | >=1.0.0<1.0.8 | |
| VMware Player | >=2.0<2.0.5 | |
| VMware Server | <1.0.7 | |
| VMware Workstation and ESXi | >=5.5<5.5.8 | |
| VMware Workstation and ESXi | >=6.0<6.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
- http://www.vmware.com/support/ace/doc/releasenotes_ace.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.securityfocus.com/bid/30934
- http://secunia.com/advisories/31707
- http://secunia.com/advisories/31708
- http://secunia.com/advisories/31709
- http://secunia.com/advisories/31710
- http://www.vmware.com/security/advisories/VMSA-2008-0014.html
- http://www.securitytracker.com/id?1020791
- http://securityreason.com/securityalert/4202
- http://www.vupen.com/english/advisories/2008/2466
- http://www.securityfocus.com/archive/1/495869/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-3691?
CVE-2008-3691 is considered a moderate severity vulnerability.
How do I fix CVE-2008-3691?
To fix CVE-2008-3691, update to VMware Workstation versions 5.5.8 or later, VMware Player versions 1.0.8 or later, or VMware ACE versions 1.0.7 or later.
What versions of VMware are affected by CVE-2008-3691?
CVE-2008-3691 affects VMware Workstation versions prior to 5.5.8, VMware Player versions prior to 1.0.8, and VMware ACE versions prior to 1.0.7.
Is CVE-2008-3691 an ActiveX exploit?
Yes, CVE-2008-3691 is an unspecified vulnerability related to an ActiveX control in certain versions of VMware products.
Can I continue using VMware software affected by CVE-2008-3691?
Using affected versions of VMware software is risky, and it is highly recommended to update to a patched version to mitigate security risks.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware ace
- version/vmware ace/1.0
- version/vmware ace/2.0
- canonical/vmware player
- version/vmware player/1.0.0
- version/vmware player/2.0
- canonical/vmware server
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/5.5
- version/vmware workstation and esxi/6.0