CVE-2008-4917

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://kb.vmware.com/kb/1006980	Patch Vendor Advisory
http://kb.vmware.com/kb/1006986	Vendor Advisory
http://secunia.com/advisories/32965	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xml	Third Party Advisory
http://securitytracker.com/id?1021300	Third Party Advisory VDB Entry
http://securitytracker.com/id?1021301	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498863/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/498886/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/32597	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:esx::::::::
	cpe:2.3:a:vmware:esxi:3.5:::::::*
	cpe:2.3:a:vmware:player::::::::
	cpe:2.3:a:vmware:player::::::::
	cpe:2.3:a:vmware:server::::::::
	cpe:2.3:a:vmware:workstation::::::::
	cpe:2.3:a:vmware:workstation::::::::

History

No history.

Information

Published : 2008-12-09 00:30

Updated : 2023-12-10 10:51

NVD link : CVE-2008-4917

Mitre link : CVE-2008-4917

CVE.ORG link : CVE-2008-4917

JSON object : View

Products Affected

vmware

player
server
workstation
esxi
esx

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2008-4917", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-09T00:30:00.283", "references": [{"url": "http://kb.vmware.com/kb/1006980", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://kb.vmware.com/kb/1006986", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32965", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1021300", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1021301", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/498863/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/498886/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32597", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6246", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en VMware Workstation v5.5.8 y anteriores, y v6.0.5 y anteriores, versiones v6.x; VMware Player v1.0.8 y anteriores, y v2.0.5 y versiones anteriores a v2.x; VMware Server v1.0.9 y anteriores; VMware ESXi v3.5; y VMware ESX v3.0.2 a la v3.5, permite a los usuarios del sistema operativo hu\u00e9sped tener un impacto desconocido mediante el env\u00edo de una petici\u00f3n de hardware que lanza una operaci\u00f3n de escritura f\u00edsica de la memoria, permitiendo una corrupci\u00f3n de memoria."}], "lastModified": "2018-11-02T13:44:48.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:esx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EA6F7DC-90D0-40C4-A8CA-765125102DD3", "versionEndIncluding": "3.5", "versionStartIncluding": "3.0.2"}, {"criteria": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD59C463-F352-4F6C-853F-415E3FB4ABDD"}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44A6CE08-8BAB-4BCC-87AE-FA433CD1AC67", "versionEndIncluding": "1.0.8", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA8737EE-4163-4B99-873A-21FC9748087A", "versionEndIncluding": "2.0.5", "versionStartIncluding": "2.0"}, {"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE92595D-2632-432D-A705-B1F21FA2AE4C", "versionEndIncluding": "1.0.9", "versionStartIncluding": "1.0"}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEFA048E-E58D-481F-BE83-FF26795A0F7C", "versionEndIncluding": "5.5.8", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1598C125-3339-4917-BCB6-A7F361887E15", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}