CVE-2008-3696
First published: Wed Sep 03 2008(Updated: )
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ACE | >=1.0<1.0.7 | |
| VMware ACE | >=2.0<2.0.5 | |
| VMware Player | >=1.0.0<1.0.8 | |
| VMware Player | >=2.0<2.0.5 | |
| VMware Server | <1.0.7 | |
| VMware Workstation and ESXi | >=5.5<5.5.8 | |
| VMware Workstation and ESXi | >=6.0<6.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
- http://secunia.com/advisories/31707
- http://secunia.com/advisories/31708
- http://secunia.com/advisories/31709
- http://secunia.com/advisories/31710
- http://securityreason.com/securityalert/4202
- http://www.securityfocus.com/archive/1/495869/100/0/threaded
- http://www.securityfocus.com/bid/30934
- http://www.securitytracker.com/id?1020791
- http://www.vmware.com/security/advisories/VMSA-2008-0014.html
- http://www.vmware.com/support/ace/doc/releasenotes_ace.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.vupen.com/english/advisories/2008/2466
Frequently Asked Questions
What is the severity of CVE-2008-3696?
CVE-2008-3696 is rated with high severity due to its potential impact on VMware products.
How do I fix CVE-2008-3696?
To fix CVE-2008-3696, upgrade your VMware software to the latest versions specified in the vulnerability report.
Which VMware products are affected by CVE-2008-3696?
CVE-2008-3696 affects VMware Workstation, Player, ACE, and Server across specific versions.
What types of attacks can CVE-2008-3696 facilitate?
CVE-2008-3696 can potentially allow attackers to execute arbitrary code through the affected ActiveX control.
Is there a workaround for CVE-2008-3696 if upgrading isn't possible?
While upgrading is the recommended solution for CVE-2008-3696, disabling or removing the vulnerable ActiveX control may serve as a temporary workaround.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware ace
- version/vmware ace/1.0
- version/vmware ace/2.0
- canonical/vmware player
- version/vmware player/1.0.0
- version/vmware player/2.0
- canonical/vmware server
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/5.5
- version/vmware workstation and esxi/6.0