CVE-2008-3698
First published: Wed Sep 03 2008(Updated: )
Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ACE | >=1.0<1.0.7 | |
| VMware ACE | >=2.0<2.0.5 | |
| VMware Player | >=1.0.0<1.0.8 | |
| VMware Player | >=2.0<2.0.5 | |
| VMware Server | <1.0.7 | |
| VMware Workstation and ESXi | >=5.5<5.5.8 | |
| VMware Workstation and ESXi | >=6.0<6.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
- http://www.vmware.com/support/ace/doc/releasenotes_ace.html
- http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
- http://www.vmware.com/support/player2/doc/releasenotes_player2.html
- http://www.vmware.com/support/server/doc/releasenotes_server.html
- http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
- http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
- http://www.securityfocus.com/bid/30936
- http://secunia.com/advisories/31707
- http://www.vmware.com/security/advisories/VMSA-2008-0014.html
- http://securitytracker.com/id?1020790
- http://securityreason.com/securityalert/4202
- http://www.vupen.com/english/advisories/2008/2466
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44795
- http://www.securityfocus.com/archive/1/495869/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-3698?
CVE-2008-3698 has been rated as a medium severity vulnerability due to potential privilege escalation risks.
How do I fix CVE-2008-3698?
To fix CVE-2008-3698, update VMware Workstation to version 5.5.8 or later, VMware Player to version 1.0.8 or later, or VMware ACE to version 1.0.7 or later.
What versions of VMware are affected by CVE-2008-3698?
CVE-2008-3698 affects VMware Workstation versions before 5.5.8, VMware Player versions before 1.0.8, and VMware ACE versions before 1.0.7.
Can CVE-2008-3698 allow unauthorized access?
Yes, CVE-2008-3698 may allow an attacker to gain unauthorized access by exploiting the unspecified vulnerability in the OpenProcess function.
Is there a workaround for CVE-2008-3698?
There are no official workarounds for CVE-2008-3698; upgrading to the latest versions is recommended for mitigation.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/vmware
- canonical/vmware ace
- version/vmware ace/1.0
- version/vmware ace/2.0
- canonical/vmware player
- version/vmware player/1.0.0
- version/vmware player/2.0
- canonical/vmware server
- canonical/vmware workstation and esxi
- version/vmware workstation and esxi/5.5
- version/vmware workstation and esxi/6.0