Vulnerability Description
Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Ace 2 | 2.0 |
| Vmware | Fusion | 1.1 |
| Vmware | Vmware Player 2 | 2.0 |
| Vmware | Vmware Workstation | 6.0.1 |
| Vmware | Workstation | 6.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30476Vendor Advisory
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- http://www.securityfocus.com/archive/1/492831/100/0/threaded
- http://www.securitytracker.com/id?1020148
- http://www.vmware.com/security/advisories/VMSA-2008-0008.html
- http://www.vupen.com/english/advisories/2008/1707/referencesVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42753
- http://secunia.com/advisories/30476Vendor Advisory
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- http://www.securityfocus.com/archive/1/492831/100/0/threaded
- http://www.securitytracker.com/id?1020148
- http://www.vmware.com/security/advisories/VMSA-2008-0008.html
- http://www.vupen.com/english/advisories/2008/1707/referencesVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42753
FAQ
What is CVE-2008-2098?
CVE-2008-2098 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057...
How severe is CVE-2008-2098?
CVE-2008-2098 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2098?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace 2, Vmware Fusion, Vmware Vmware Player 2, Vmware Vmware Workstation, Vmware Workstation.