CVE - CVE-2008-3892

CVE-ID
CVE-2008-3892	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:29503 URL:http://www.securityfocus.com/bid/29503 BID:30934 URL:http://www.securityfocus.com/bid/30934 BUGTRAQ:20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. URL:http://www.securityfocus.com/archive/1/495869/100/0/threaded EXPLOIT-DB:6345 URL:https://www.exploit-db.com/exploits/6345 FULLDISC:20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html MISC:http://www.vmware.com/support/ace/doc/releasenotes_ace.html MISC:http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html MISC:http://www.vmware.com/support/player/doc/releasenotes_player.html MISC:http://www.vmware.com/support/player2/doc/releasenotes_player2.html MISC:http://www.vmware.com/support/server/doc/releasenotes_server.html MISC:http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html MISC:http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html SECUNIA:31707 URL:http://secunia.com/advisories/31707 SECUNIA:31708 URL:http://secunia.com/advisories/31708 SECUNIA:31709 URL:http://secunia.com/advisories/31709 SECUNIA:31710 URL:http://secunia.com/advisories/31710 SREASON:4202 URL:http://securityreason.com/securityalert/4202 VUPEN:ADV-2008-2466 URL:~~http://www.vupen.com/english/advisories/2008/2466~~ (Obsolete source) XF:vmware-comapi-guestinfo-bo(43062) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43062
Assigning CNA
MITRE Corporation
Date Record Created
20080903	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080903)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)