CVE-2008-1363 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2008-1363?

CVE-2008-1363 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-1363?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows, Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation.

Vulnerability Description

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Microsoft	Windows	All versions
Vmware	Ace	>= 1.0, < 1.0.5
Vmware	Player	>= 1.0.0, < 1.0.6
Vmware	Server	>= 1.0, < 1.0.5
Vmware	Workstation	>= 5.5, < 5.5.6

Related Weaknesses (CWE)

CWE-264

References

http://lists.vmware.com/pipermail/security-announce/2008/000008.htmlVendor Advisory
http://security.gentoo.org/glsa/glsa-201209-25.xmlThird Party Advisory
http://securityreason.com/securityalert/3755Third Party Advisory
http://securitytracker.com/id?1019622Third Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/489739/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/28276PatchThird Party AdvisoryVDB Entry
http://www.vmware.com/security/advisories/VMSA-2008-0005.htmlPatchVendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlPatchVendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlPatchVendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlPatchVendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlPatchVendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlPatchVendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlPatchVendor Advisory
http://www.vupen.com/english/advisories/2008/0905/referencesThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41252Third Party AdvisoryVDB Entry

FAQ

What is CVE-2008-1363?

CVE-2008-1363 is a vulnerability with a CVSS score of 7.2 (HIGH). VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x bef...

How severe is CVE-2008-1363?

CVE-2008-1363 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1363?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows, Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation.