| Vulnerability Name: | CVE-2008-1363 (CCN-41252) | ||||||||
| Assigned: | 2008-03-17 | ||||||||
| Published: | 2008-03-17 | ||||||||
| Updated: | 2018-11-01 | ||||||||
| Summary: | VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process." | ||||||||
| CVSS v3 Severity: | 4.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-1363 Source: MLIST Type: Vendor Advisory [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues Source: CCN Type: SA29412 VMware Server Multiple Vulnerabilities Source: CCN Type: SA29413 VMware Products Multiple Vulnerabilities Source: GENTOO Type: Third Party Advisory GLSA-201209-25 Source: SREASON Type: Third Party Advisory 3755 Source: CCN Type: SECTRACK ID: 1019622 VMware VMX Configuration File Access Controls Lets Local Users Gain Elevated Privileges Source: SECTRACK Type: Third Party Advisory, VDB Entry 1019622 Source: CCN Type: OSVDB ID: 43897 VMware Multiple Products Application Data Folder config.ini Handling Local Privilege Escalation Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues Source: BID Type: Patch, Third Party Advisory, VDB Entry 28276 Source: CCN Type: BID-28276 VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities Source: CCN Type: VMSA-2008-0005 Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line. Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2008-0005.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/player/doc/releasenotes_player.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/player2/doc/releasenotes_player2.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/server/doc/releasenotes_server.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Source: CONFIRM Type: Patch, Vendor Advisory http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html Source: VUPEN Type: Third Party Advisory ADV-2008-0905 Source: XF Type: Third Party Advisory, VDB Entry vmware-config-privilege-escalation(41252) Source: XF Type: UNKNOWN vmware-config-privilege-escalation(41252) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||