10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.675 Medium
EPSS
Percentile
97.9%
a. Privilege escalation on 64-bit guest operating systemsVMware products emulate hardware functions, like CPU, Memory, and IO.A flaw in VMware’s CPU hardware emulation could allow the virtual CPU to jump to an incorrect memory address. Exploitation of this issue on the guest operating system does not lead to a compromise of the host system but could lead to a privilege escalation on guest operating system. An attacker would need to have a user account on the guest operating system. Affected64-bit Windows and 64-bit FreeBSD guest operating systems and possibly other 64-bit operating systems. The issue does not affect the 64-bit versions of Linux guest operating systems.VMware would like to thank Derek Soeder for discovering this issue and working with us on its remediation.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4279 this issue.The following table lists what action remediates the vulnerability (column 4) if a solution is available.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4278
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4279