CVE-2008-2100

2008-06-0520:32:00

CWE-119

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

1388

cve-2008-2100

vix api

buffer overflow

vmware workstation

vmware player

vmware ace

vmware server

vmware fusion

vmware esxi

vmware esx

arbitrary code execution

nvd

6.9 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

41.9%

JSON

Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.

CPENameOperatorVersion
vmware:fusionvmware fusionle1.1.1
vmware:esx_servervmware esx servereq3.0
vmware:esxivmware esxieq3.5
vmware:esxvmware esxeq3.5
vmware:esx_servervmware esx servereq3.5
vmware:esxvmware esxeq2.5.4
vmware:esxvmware esxeq3.0.0
vmware:esxvmware esxeq3.0.2
vmware:esxvmware esxeq3.0.1
vmware:workstationvmware workstationle5.5.6

CPE	Name	Operator	Version
vmware:fusion	vmware fusion	le	1.1.1
vmware:esx_server	vmware esx server	eq	3.0
vmware:esxi	vmware esxi	eq	3.5
vmware:esx	vmware esx	eq	3.5
vmware:esx_server	vmware esx server	eq	3.5
vmware:esx	vmware esx	eq	2.5.4
vmware:esx	vmware esx	eq	3.0.0
vmware:esx	vmware esx	eq	3.0.2
vmware:esx	vmware esx	eq	3.0.1
vmware:workstation	vmware workstation	le	5.5.6