CVE-2008-0923
Last modified
CVE-2008-0923 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.. EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Ace | 1.0 |
| Vmware | Ace | 1.0.2 |
| Vmware | Ace | 2.0 |
| Vmware | Ace | 2.0.1 |
| Vmware | Ace | 2.0.2 |
| Vmware | Player | 1.0.4 |
| Vmware | Vmware Player | 1.0.1_build_19317 |
| Vmware | Vmware Player | 1.0.2 |
| Vmware | Vmware Player | 1.0.3 |
| Vmware | Vmware Workstation | 6.0.1 |
| Vmware | Vmware Workstation | 6.0.2 |
| Vmware | Workstation | 4.5.2 |
| Vmware | Workstation | 5.5.3_build_34685 |
| Vmware | Workstation | 5.5.4 |
| Vmware | Workstation | 6.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-0923?
How severe is CVE-2008-0923?
How do I fix CVE-2008-0923?
Are you affected by CVE-2008-0923?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST