CVE-2008-4917

Name: CVE-2008-4917
Creator: NVD / NIST
Published: 2008-12-09T00:30:00.283+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.46%

Last modified Jun 16, 2026

CVE-2008-4917 is a vulnerability of currently unknown severity. Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.

Metrics

EPSS Probability

0.46%

36.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Vmware	Esx	>= 3.0.2, <= 3.5
Vmware	Esxi	3.5
Vmware	Player	>= 1.0.0, <= 1.0.8
Vmware	Player	>= 2.0, <= 2.0.5
Vmware	Server	>= 1.0, <= 1.0.9
Vmware	Workstation	>= 5.5, <= 5.5.8
Vmware	Workstation	>= 6.0, <= 6.0.5

References

http://kb.vmware.com/kb/1006980Patch, Vendor Advisory
http://kb.vmware.com/kb/1006986Vendor Advisory
http://secunia.com/advisories/32965Third Party Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xmlThird Party Advisory
http://securitytracker.com/id?1021300Third Party Advisory, VDB Entry
http://securitytracker.com/id?1021301Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/498863/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/498886/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/32597Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246Third Party Advisory
http://kb.vmware.com/kb/1006980Patch, Vendor Advisory
http://kb.vmware.com/kb/1006986Vendor Advisory
http://secunia.com/advisories/32965Third Party Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xmlThird Party Advisory
http://securitytracker.com/id?1021300Third Party Advisory, VDB Entry
http://securitytracker.com/id?1021301Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/498863/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/498886/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/32597Third Party Advisory, VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246Third Party Advisory

Timeline

Published: Dec 9, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-4917?

How severe is CVE-2008-4917?

Severity scoring for CVE-2008-4917 is pending analysis. The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2008-4917?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-4917?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST