{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-25T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27944", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27944"}, {"name": "29117", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29117"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/?action=item&id=2129"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"name": "1019493", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019493"}, {"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034"}, {"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"name": "ADV-2008-0905", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"name": "vmware-sharedfolders-directory-traversal(40837)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"}, {"name": "ADV-2008-0679", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0679"}, {"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"}, {"name": "28276", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28276"}, {"name": "3700", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3700"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0923", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27944", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27944"}, {"name": "29117", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29117"}, {"name": "http://www.coresecurity.com/?action=item&id=2129", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item&id=2129"}, {"name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"}, {"name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"name": "http://www.vmware.com/support/player/doc/releasenotes_player.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"name": "1019493", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019493"}, {"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"name": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034", "refsource": "CONFIRM", "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034"}, {"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"name": "ADV-2008-0905", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"name": "vmware-sharedfolders-directory-traversal(40837)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"}, {"name": "ADV-2008-0679", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0679"}, {"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"}, {"name": "28276", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28276"}, {"name": "3700", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3700"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:01:40.085Z"}, "title": "CVE Program Container", "references": [{"name": "27944", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27944"}, {"name": "29117", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29117"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/?action=item&id=2129"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"name": "1019493", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019493"}, {"name": "20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034"}, {"name": "[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"name": "ADV-2008-0905", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"name": "vmware-sharedfolders-directory-traversal(40837)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"}, {"name": "ADV-2008-0679", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0679"}, {"name": "20080225 CORE-2007-0930 Path Traversal vulnerability in VMware's shared folders implementation", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"}, {"name": "28276", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28276"}, {"name": "3700", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3700"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0923", "datePublished": "2008-02-26T00:00:00", "dateReserved": "2008-02-25T00:00:00", "dateUpdated": "2024-08-07T08:01:40.085Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F20A8E8-E07D-41B2-899F-2ABA9DD1C2C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D346E48-887C-4D02-BFD3-D323B7F3871C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8E1A5AA-BD9F-4263-B7C6-E744323C4D74", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D22E40D-C362-49FD-924C-262A64555934", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A48CEB4-5864-4A0F-B14C-CFE4699C3311", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "6F2F6AF4-5987-43BC-9183-5DF7D6DE1EFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.1_build_19317:*:*:*:*:*:*:*", "matchCriteriaId": "7764D48A-2D43-413F-9214-AE754DDCF68F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "65DD6966-72EA-4C4D-BC90-B0D534834BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBFC9B7A-8A40-467B-9102-EE5259EC4D14", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD0FE7C5-2C46-4B59-9242-A03B986C07DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*", "matchCriteriaId": "51C6D608-64DE-4CC4-9869-3342E8FD707F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "16A1141D-9718-4A22-8FF2-AEAD28E07291", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \"%c0%2e%c0%2e\" string."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la caracter\u00edstica de Archivos Compartidos de VMWare ACE 1.0.2 y 2.0.2, Player 1.0.4 y 2.0.2, y Workstation 5.5.4 y 6.0.2 permite a usuarios de SO invitados leer y escribir archivos de su elecci\u00f3n en el SO anfitri\u00f3n a trav\u00e9s de una cadena multibyte que produce una cadena de caracteres ancha que contiene secuencias de .. (punto punto), lo que evita el mecanismo de protecci\u00f3n, como se demostr\u00f3 usando una cadena \"%c0%2e%c0%2e\"."}], "id": "CVE-2008-0923", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-26T00:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"}, {"source": "cve@mitre.org", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29117"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3700"}, {"source": "cve@mitre.org", "url": "http://www.coresecurity.com/?action=item&id=2129"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27944"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28276"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019493"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0679"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.coresecurity.com/?action=item&id=2129"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/488725/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27944"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0905/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40837"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}