Vulnerability Name:

CVE-2008-2100 (CCN-42872)

Assigned:2008-06-04
Published:2008-06-04
Updated:2019-08-14
Summary:Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
CWE-119
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2008-2100

Source: CCN
Type: SA30556
VMware Products Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
30556

Source: GENTOO
Type: Third Party Advisory
GLSA-201209-25

Source: SREASON
Type: Third Party Advisory
3922

Source: CCN
Type: SECTRACK ID: 1020200
VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1020200

Source: CCN
Type: OSVDB ID: 46203
VMware Multiple Products VIX API Unspecified VM Host Arbitrary Code Execution

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

Source: BID
Type: Third Party Advisory, VDB Entry
29552

Source: CCN
Type: BID-29552
VMware VIX API Multiple Unspecified Buffer Overflow Vulnerabilities

Source: CCN
Type: VMSA-2008-0009
Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

Source: CONFIRM
Type: Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Source: VUPEN
Type: Permissions Required
ADV-2008-1744

Source: XF
Type: Third Party Advisory, VDB Entry
vmware-vixapi-multiple-unspecified-bo(42872)

Source: XF
Type: UNKNOWN
vmware-vixapi-multiple-unspecified-bo(42872)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:5081

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:5647

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:ace:*:*:*:*:*:*:*:* (Version >= 1.0 and <= 1.0.5)
  • OR cpe:/a:vmware:ace:*:*:*:*:*:*:*:* (Version >= 2.0 and <= 2.0.3)
  • OR cpe:/a:vmware:esx_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esxi:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version <= 1.1.1)
  • OR cpe:/a:vmware:player:*:*:*:*:*:*:*:* (Version >= 1.0.0 and <= 1.0.6)
  • OR cpe:/a:vmware:player:*:*:*:*:*:*:*:* (Version >= 2.0 and <= 2.0.3)
  • OR cpe:/a:vmware:server:*:*:*:*:*:*:*:* (Version <= 1.0.5)
  • OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 5.5 and <= 5.5.6)
  • OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 6.0 and <= 6.0.3)
  • OR cpe:/o:vmware:esx:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.3_build_54075:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4_build_56528:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.0_build_13124:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.1_build_19175:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3_build_42958:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.4_build_44386:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.5_build_56455:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1_build_55017:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:1.1.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5081
    V
    		VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code
    2010-05-17
    oval:org.mitre.oval:def:5647
    V
    		VMware Buffer Overflows in VIX API Let Local Users Execute Arbitrary Code
    2010-05-17
    BACK
    vmware ace *
    vmware ace *
    vmware esx server 3.0
    vmware esx server 3.5
    vmware esxi 3.5
    vmware fusion *
    vmware player *
    vmware player *
    vmware server *
    vmware workstation *
    vmware workstation *
    vmware esx 2.5.4
    vmware esx 2.5.5
    vmware esx 3.0.0
    vmware esx 3.0.1
    vmware esx 3.0.2
    vmware esx 3.5
    vmware workstation 5.5.1
    vmware workstation 6.0
    vmware ace 2.0
    vmware ace 1.0
    vmware ace 1.0.3
    vmware ace 1.0.3_build_54075
    vmware esx server 2.5.5
    vmware server 1.0.1_build_29996
    vmware server 1.0.3
    vmware server 1.0.4_build_56528
    vmware workstation 5.0.0_build_13124
    vmware workstation 5.5
    vmware workstation 5.5.0_build_13124
    vmware workstation 5.5.1_build_19175
    vmware workstation 5.5.3
    vmware workstation 5.5.3_build_34685
    vmware workstation 5.5.3_build_42958
    vmware workstation 5.5.4
    vmware workstation 5.5.4_build_44386
    vmware workstation 5.5.5_build_56455
    vmware workstation 6.0.1_build_55017
    vmware ace 2.0.3
    vmware ace 2.0.1
    vmware ace 2.0.2
    vmware esx server 3.5
    vmware workstation 5.0.0_build_13124
    vmware server 1.0
    vmware fusion 1.0
    vmware esx server 3.1
    vmware esx server 3.2
    vmware esx server 3.3
    vmware workstation 5.5.0
    vmware workstation 5.5.2
    vmware workstation 5.5.5
    vmware workstation 5.5.6
    vmware workstation 6.0.1
    vmware workstation 6.0.2
    vmware workstation 6.0.3
    vmware ace 1.0.1
    vmware ace 1.0.2
    vmware ace 1.0.4
    vmware ace 1.0.5
    vmware server 1.0.1
    vmware server 1.0.2
    vmware server 1.0.4
    vmware server 1.0.5
    vmware fusion 1.1
    vmware fusion 1.1.1