VMware产品共享文件夹MultiByteToWideChar()变量目录遍历漏洞

🗓️ 27 Feb 2008 00:00:00Reported by RootType

VMware产品共享文件夹MultiByteToWideChar()变量目录遍历漏洞，允许Guest系统的用户读写Host文件系统，临时解决方法包括禁用共享文件夹功

Reporter	Title	Published	Views	Family All 13
Core Security	Path Traversal vulnerability in VMware's shared folders implementation	25 Feb 200800:00	–	coresecurity
CVE	CVE-2008-0923	26 Feb 200800:00	–	cve
Cvelist	CVE-2008-0923	26 Feb 200800:00	–	cvelist
EUVD	EUVD-2008-0930	7 Oct 202500:30	–	euvd
NVD	CVE-2008-0923	26 Feb 200800:44	–	nvd
Packet Storm	Core Security Technologies Advisory 2007.0930	25 Feb 200800:00	–	packetstorm
Prion	Directory traversal	26 Feb 200800:44	–	prion
securityvulns	VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues	18 Mar 200800:00	–	securityvulns
securityvulns	VMWare applications multiple security vulnerabilities	18 Mar 200800:00	–	securityvulns
UbuntuCve	CVE-2008-0923	26 Feb 200800:44	–	ubuntucve


                                                /-----------

// mbtwc.c
#include &lt;windows.h&gt;;
int main(int argv, char *argc[]) {
~   unsigned int i, ans;
~   unsigned char buf[200];
~   for (i=1;i;i++) {
~     memset(buf, 0, 200);
~     ans = MultiByteToWideChar(CP_UTF8, 8, &amp;i, 4, buf, 100);
~     // 8 = MB_ERR_INVALID_CHARS
~     if (ans &amp;&amp; (buf[0] == '.') &amp;&amp;   (buf[1] == 0) &amp;&amp;
~        ((i &amp; 0xff) != '.'))
~       printf(&quot;%d %04x: %02x %02x %02x %02x\n&quot;, ans, i,
~             buf[0], buf[1], buf[2], buf[3]);
   }
~ }
- -----------/

27 Feb 2008 00:00Current

6.4Medium risk

Vulners AI Score6.4

EPSS0.00022

vmware 目录遍历漏洞共享文件夹漏洞修复 guest系统 host文件系统禁用功能 nsfocus 厂商补丁