CVE-2008-2098 - OpenCVE

Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Ace 2 Fusion Vmware Player 2 Vmware Workstation Workstation

Configuration 1 [-]

OR	cpe:2.3:a:vmware:ace_2:2.0:::::::*
	cpe:2.3:a:vmware:ace_2:2.01:::::::*
	cpe:2.3:a:vmware:fusion:1.1:::::::*
	cpe:2.3:a:vmware:fusion:1.1.1:::::::*
	cpe:2.3:a:vmware:vmware_player_2:2.0:::::::*
	cpe:2.3:a:vmware:vmware_player_2:2.01:::::::*
	cpe:2.3:a:vmware:vmware_player_2:2.02:::::::*
	cpe:2.3:a:vmware:vmware_player_2:2.03:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.0.1:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.0.2:::::::*
	cpe:2.3:a:vmware:vmware_workstation:6.03:::::::*
	cpe:2.3:a:vmware:workstation:6.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/30476
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.securityfocus.com/archive/1/492831/100/0/threaded
http://www.securitytracker.com/id?1020148
http://www.vmware.com/security/advisories/VMSA-2008-0008.html
http://www.vupen.com/english/advisories/2008/1707/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42753

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-02T14:00:00

Updated: 2024-08-07T08:49:57.643Z

Reserved: 2008-05-07T00:00:00

Link: CVE-2008-2098

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-06-02T21:30:00.000

Modified: 2018-10-11T20:39:19.407

Link: CVE-2008-2098

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-30T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201209-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"}, {"name": "vmware-hgfs-bo(42753)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"}, {"name": "1020148", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020148"}, {"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"}, {"name": "ADV-2008-1707", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1707/references"}, {"name": "30476", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30476"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2098", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201209-25", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"}, {"name": "vmware-hgfs-bo(42753)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"}, {"name": "1020148", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020148"}, {"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"}, {"name": "ADV-2008-1707", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1707/references"}, {"name": "30476", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30476"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:49:57.643Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201209-25", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"}, {"name": "vmware-hgfs-bo(42753)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"}, {"name": "1020148", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020148"}, {"name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"}, {"name": "ADV-2008-1707", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1707/references"}, {"name": "30476", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30476"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2098", "datePublished": "2008-06-02T14:00:00", "dateReserved": "2008-05-07T00:00:00", "dateUpdated": "2024-08-07T08:49:57.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:ace_2:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8476A347-FBF2-4235-8483-7365BAF700A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:ace_2:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "B7AD3DFD-6211-438F-9483-E82B346DBA19", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DD1338C-8FC1-40A1-BAE8-B11F4354A0CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC862199-8AA7-4E5E-BA2B-DF5FC9A056BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BDF5387-1F1B-42AF-B33D-E4392D61D89C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "6A7B9138-51C8-433D-80B5-70FBB09732DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "5CF74F13-1247-4D40-816A-FF5B2E00FAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_player_2:2.03:*:*:*:*:*:*:*", "matchCriteriaId": "6B6F83E6-1325-4B96-B253-7B031B5BA563", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B7632A4-D120-434D-B35A-303640DB37AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.03:*:*:*:*:*:*:*", "matchCriteriaId": "652DCCCA-2C0F-482F-AD1C-F3913BD3430D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "89329F80-7134-4AB2-BDA3-E1B887F633B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el VMware Host Guest File System (HGFS) en VMware Workstation versiones 6 anteriores a 6.0.4 build 93057, VMware Player versiones 2 anteriores a 2.0.4 build 93057, VMware ACE versiones 2 anteriores a 2.0.2 build 93057 y VMware Fusion versiones anteriores a 1.1.2 build 87978, cuando el uso compartido de carpetas es utilizado, permite a los usuarios del SO invitado ejecutar c\u00f3digo arbitrario sobre el SO host por medio de vectores no especificados."}], "id": "CVE-2008-2098", "lastModified": "2018-10-11T20:39:19.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-06-02T21:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30476"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020148"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1707/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}