CVE-2008-2100

CVE-2008-2100 corresponds to VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009). It affects VIX API 1.1.x before 1.1.4 build 93057 across host products (VMware Workstation 5.x/6.x, VMware Player 1.x/2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, ...

CVE-2009-1244

CVE-2009-1244 is a VMware-hosted products issue where a guest OS could execute code on the host via the virtual machine display function. Affected products include VMware Server/Player/Workstation and related hosted ESX/ESXi components (as described in the CVE record). The root cause is described...

CVE-2009-2267

CVE-2009-2267 affects VMware products (Workstation, Player, ACE, Server, Fusion, ESXi/ESX) where Virtual-8086 mode is used. The root cause is an improper setting of the exception code on a page fault (#PF), allowing guest OS users to gain privileges on the guest OS by supplying a crafted value fo...

CVE-2009-4811

CVE-2009-4811 describes a remote denial-of-service in VMware Authorization Service (vmware-authd) via a crafted sequence in USER and PASS that crashes the process. Affected products include VMware Workstation 7.0 (before 7.0.1 build 227600), VMware Workstation 6.5.x (before 6.5.4 build 246459), V...

CVE-2007-0062

CVE-2007-0062: The vulnerability affects ISC DHCPD 3.0.x (before 3.0.7) and 3.1.x (before 3.1.1), plus the DHCP servers in VMware Workstation/Player, ACE, and related products. It is caused by a stack-based buffer overflow triggered by a malformed DHCP packet with a large dhcp-max-message-size, p...

CVE-2009-3707

CVE-2009-3707 corresponds to a remote denial-of-service in VMware hosted products via a format-string vulnerability in the authentication path. The initial description names VMware Workstation 7.x (before 7.0.1 build 227600) and 6.5.x (before 6.5.4 build 246459), VMware Player 3.x (before 3.0.1 b...

CVE-2008-3691

CVE-2008-3691 corresponds to an unspecified vulnerability in a VMware ActiveX control. Affected products include VMware Workstation 5.5.x up to 5.5.8-108000, VMware Workstation 6.0.x up to 6.0.5-109488, VMware Player 1.x up to 1.0.8-108000, VMware Player 2.x up to 2.0.5-109488, VMware ACE 1.x up ...

CVE-2008-4915

CVE-2008-4915 documents a privilege-escalation flaw in CPU hardware emulation across VMware products (Workstation, Player, Server, ESX/ESXi, and related variants) when running 32/64-bit guest OS. The trap-flag handling flaw allows an authenticated guest OS user to gain privileges on the guest OS....

CVE-2008-1361

The CVE-2008-1361 issue affects multiple VMware products (Workstation 6.0.x up to 6.0.3, 5.5.x up to 5.5.6; Player 2.0.x up to 2.0.3 and 1.0.x up to 1.0.6; ACE 2.0.x up to 2.0.1 and 1.0.x up to 1.0.5; Server 1.0.x up to 1.0.5 on Windows). The root cause is an unspecified manipulation that causes ...

CVE-2008-3694

CVE-2008-3694 refers to an unspecified vulnerability in several VMware ActiveX controls (used by VMware Workstation, VMware Player, VMware ACE, and VMware Server). The description states it has unknown impact and remote attack vectors, and it is distinguished from related CVEs (2008-3691, -3692, ...

CVE-2007-0063

CVE-2007-0063 affects the DHCP server in VMware-related products (Workstation, Player, ACE, Server) prior to the listed builds. An integer underflow in the DHCP server can trigger a stack-based buffer overflow when processing malformed DHCP packets, enabling remote code execution. Mitigation in t...

CVE-2010-1142

CVE-2010-1142 affects VMware Tools across multiple VMware products (Workstation 6.5.x before 6.5.4, Player 2.5.x before 2.5.4, ACE 2.5.x before 2.5.4, Server 2.x before 2.0.2, Fusion 2.x before 2.0.6, ESXi/ESX family) where Windows guest users could gain privileges by placing a Trojan horse on th...

CVE-2007-5671

CVE-2007-5671 is a VMware Tools local privilege-escalation issue in the guest HGFS driver (HGFS.sys) present in VMware Workstation/Player/ACE/Server and ESX/ESXi components. The flaw arises from improper validation of arguments to user-mode IOCTLs to .\hgfs, enabling a guest user to modify kernel...

CVE-2008-0923

CVE-2008-0923 is a directory traversal vulnerability in VMware’s Shared Folders feature (HGFS) that affects desktop products including VMware Workstation up to 6.0.2, Workstation 5.5.4, VMware Player 2.0.2 and 1.0.4, and VMware ACE 2.0.2 and 1.0.2 . The root cause is a mismatch between input vali...

CVE-2009-0909

VMware CVE-2009-0909 is the VNnc Codec heap overflow in VMware Workstation 6.5.x before 6.5.2 (build 156735), VMware Player 2.5.x before 2.5.2 (build 156735), VMware ACE 2.5.x before 2.5.2 (build 156735), and VMware Server 2.0.x before 2.0.1 (build 156745). It allows remote code execution via a c...

CVE-2009-1805

CVE-2009-1805 concerns the VMware Descheduled Time Accounting DoS vulnerability. The issue affects multiple VMware products where the Descheduled Time Accounting Service is not running inside a Windows guest, allowing a guest OS user to cause a denial of service via unknown vectors. Affected prod...

CVE-2008-1340

VMware VMCI vulnerability CVE-2008-1340 affects VMware Workstation 6.0.x prior to 6.0.3, VMware Player 2.0.x prior to 2.0.3, and VMware ACE 2.0.x prior to 2.0.1. The issue allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger memory exhaustion and memor...

CVE-2008-3692

CVE-2008-3692 is described as an unspecified vulnerability in a VMware ActiveX control affecting multiple VMware products: Workstation 5.5.x up to 5.5.8 (build 108000), Workstation 6.0.x up to 6.0.5 (build 109488), VMware Player 1.x up to 1.0.8 (108000), VMware Player 2.x up to 2.0.5 (109488), VM...

CVE-2008-3696

CVE-2008-3696 corresponds to an unspecified vulnerability in VMware ActiveX controls used by VMware Workstation/Player/ACE/Server (across multiple versions). The connected NVD entry notes a remote, network-exploitable issue with unknown impact, affecting VMware ActiveX components across Workstati...

CVE-2009-3732

CVE-2009-3732 is a VMware Remote Console (VMrc) format-string vulnerability in vmware-vmrc.exe build 158248 that allows remote code execution via a malicious page or URL. Exploitation requires luring the VMrc user to open a crafted page; code executes with the privileges of the logged-on user. Th...

CVE-2008-1364

CVE-2008-1364 describes an unspecified vulnerability in the DHCP service across multiple VMware products (Workstation 5.5.x before 5.5.6, Player 1.0.x before 1.0.6, ACE 1.0.x before 1.0.5, Server 1.0.x before 1.0.5, Fusion 1.1.x before 1.1.1) that allows an attacker to cause a denial of service. ...

CVE-2009-0177

CVE-2009-0177 is a remote denial-of-service vulnerability in the vmware-authd.exe daemon via excessively long USER or PASS commands. Public-availability details (from VMware VMSA-2009-0005) indicate the issue affects multiple VMware products prior to patched versions, including Workstation 6.5.x ...

CVE-2007-4497

CVE-2007-4497 is an unspecified vulnerability affecting VMware products (Workstation prior to 5.5.5 Build 56455, Player prior to 1.0.5 Build 56455, Player 2 prior to 2.0.1 Build 55017, ACE prior to 1.0.3 Build 54075, ACE 2 prior to 2.0.1 Build 55017, and Server prior to 1.0.4 Build 56528). It all...

CVE-2008-3693

CVE-2008-3693 refers to an unspecified vulnerability in an ActiveX control used by multiple VMware products (VMware Workstation 5.5.x up to 5.5.8, Workstation 6.0.x up to 6.0.5, VMware Player 1.x up to 1.0.8, VMware Player 2.x up to 2.0.5, VMware ACE 1.x up to 1.0.7, VMware ACE 2.x up to 2.0.5, a...

CVE-2010-1141

CVE-2010-1141 affects VMware Tools and related VMware host components (Workstation, Player, ACE, Server, Fusion, ESXi/ESX). The flaw is improper access/loading of libraries, enabling a user-assisted remote attacker to trigger arbitrary code execution by convincing a Windows guest OS user to click...

CVE-2007-0061

The DHCP server in VMware products is affected: VMware Workstation (before 5.5.5.56455 and 6.x before 6.0.1.55017), VMware Player (before 1.0.5.56455 and Player 2 before 2.0.1.55017), ACE (before 1.0.3.54075 and ACE 2 before 2.0.1.55017), and VMware Server (before 1.0.4.56528) allows remote attac...

CVE-2009-0910

CVE-2009-0910 involves a heap-based buffer overflow in the VNnc Codec used by VMware Workstation 6.5.x (before 6.5.2 build 156735), VMware Player 2.5.x (before 2.5.2 build 156735), VMware ACE 2.5.x (before 2.5.2 build 156735), and VMware Server 2.0.x (before 2.0.1 build 156745). The vulnerability...

CVE-2008-1362

CVE-2008-1362 affects VMware products (Workstation, Player, ACE, Server) on Windows. The vulnerability arises from insecurely created named pipes used by the authd process, allowing a local attacker to impersonate authd and gain privileges or cause a denial of service. Affected versions include V...

CVE-2009-1147

CVE-2009-1147 affects VMware VMCI (vmci.sys) and enables privilege escalation on Windows-based hosts/guests. The issue is described in VMware’s VMSA-2009-0005 advisory and is linked to VMCI IOCTL handling that can be abused by a local user with admin rights to gain SYSTEM privileges. A remediatio...

CVE-2005-4459

The CVE-2005-4459 issue is a heap-based buffer overflow in VMware’s NAT service components vmnat.exe and vmnet-natd across several products (Workstation 5.5, GSX Server 3.2, ACE 1.0.1, Player 1.0). The flaw is triggered by malformed FTP PORT and EPRT commands processed by the NAT service, allowin...

CVE-2007-4496

The CVE-2007-4496 issue affects VMware products: VMware Workstation (before 5.5.5.56455), VMware Player (before 1.0.5.56455 and Player 2 before 2.0.1 55017), ACE (before 1.0.3.54075 and ACE 2 before 2.0.1 55017), and VMware Server (before 1.0.4 56528). It allows an authenticated guest OS user wit...

CVE-2008-3698

CVE-2008-3698 is a local privilege-escalation in the host OS via VMware OpenProcess issue. Affected host components include VMware Workstation (5.x, 6.x), VMware Server, VMware Player (1.x/2.x), VMware ACE (1.x/2.x). Exploitation would allow local users to run arbitrary code with elevated host pr...

CVE-2007-5438

CVE-2007-5438 involves an unspecified vulnerability in a VMware ActiveX control (Reconfig.DLL) that could allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe). Affected products and build ranges include VMware Workstation 5.5.x <5.5.8 build 108000, Wor...

CVE-2008-3892

CVE-2008-3892 is a buffer overflow in a VMware COM API ActiveX control (GuestInfo method) that can be triggered by passing a long string argument; vulnerable in VMware Workstation 5.5.x up to 5.5.8, Workstation 6.0.x up to 6.0.5, VMware Player 1.x up to 1.0.8, VMware Player 2.x up to 2.0.5, VMwar...

CVE-2009-0199

CVE-2009-0199 refers to a heap-based buffer overflow in the VMnc media codec (vmnc.dll) used by VMware Movie Decoder and related VMware products on Windows. The vulnerability can be triggered by a video file with crafted framebuffer dimensions, allowing remote code execution. Affected components ...

CVE-2007-5023

CVE-2007-5023 describes an unquoted Windows search path vulnerability that could allow local users to gain privileges in EMC VMware products. Affected are VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, VMware Player before 1.0.5 Build 56455 and Player 2 before 2.0.1...

CVE-2008-1363

VMware product family on Windows (Workstation 6.0.x < 6.0.3, Workstation 5.5.x < 5.5.6, Player 2.0.x < 2.0.3, Player 1.0.x < 1.0.6, ACE 2.0.x < 2.0.1 and 1.0.x < 1.0.5, Server 1.0.x

CVE-2009-2628

The CVE-2009-2628 issue affects VMware VMnc codec (vmnc.dll) used by VMware Movie Decoder and related products. The root cause is heap memory corruption triggered by AVI files with certain small heights, enabling remote code execution on Windows when processed by vulnerable VMnc-based components ...

CVE-2009-1146

Affected software: VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745. Vulnerability: An unspecified DoS issue exists in the ioctl handling of hcmon.sys, enablin...

CVE-2010-1138

CVE-2010-1138 corresponds to an information-disclosure vulnerability in VMware hosted products where a guest can cause the host vmware-vmx memory to be exposed via the virtual networking stack when processing network packets. Affected products include VMware Workstation/Player/ACE/Server/Fusion a...

CVE-2009-0908

The CVE-2009-0908 entry covers a vulnerability in the ACE Host Guest File System (HGFS) shared folders feature. A flaw in ACE shared folders could allow a non-ACE administrator to enable a previously disabled shared folder in VMware ACE 2.5.1 and earlier. Impact is enabling a shared folder withou...

CVE-2008-1392

The CVE-2008-1392 issue affects VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1, where the guest OS console is reachable via anonymous VIX API calls. Impact is explicitly stated as unknown in the sources. Remediation noted in VMSA-2008-0005: the vulne...

CVE-2008-3695

CVE-2008-3695 is grouped with other VMware ActiveX control issues (CVE-2008-3691 to CVE-2008-3696). The connected documents describe an unspecified vulnerability in VMware ActiveX controls across multiple products (Workstation, Player, ACE, Server) with unknown impact and remote attack vectors; n...

CVE-2007-5025

CVE-2007-5025 concerns EMC VMware ACE before 1.0.3 Build 54075. The vulnerability arises from an unspecified manipulation of images stored in virtual machines downloaded by the user, with an unknown impact described in the source materials. The available connected documents confirm the product/ve...