CVE-2008-3698 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2008-3698?

CVE-2008-3698 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-3698?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation.

Vulnerability Description

Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Vmware	Ace	>= 1.0, < 1.0.7
Vmware	Player	>= 1.0.0, < 1.0.8
Vmware	Server	< 1.0.7
Vmware	Workstation	>= 5.5, < 5.5.8

Related Weaknesses (CWE)

CWE-264

References

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.htmlThird Party Advisory
http://secunia.com/advisories/31707PatchThird Party Advisory
http://securityreason.com/securityalert/4202Third Party Advisory
http://securitytracker.com/id?1020790Third Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/495869/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/30936Third Party AdvisoryVDB Entry
http://www.vmware.com/security/advisories/VMSA-2008-0014.htmlVendor Advisory
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlVendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlVendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlVendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlVendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlVendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlVendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlVendor Advisory
http://www.vupen.com/english/advisories/2008/2466Third Party Advisory

FAQ

What is CVE-2008-3698?

CVE-2008-3698 is a vulnerability with a CVSS score of 7.2 (HIGH). Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 10...

How severe is CVE-2008-3698?

CVE-2008-3698 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3698?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Ace, Vmware Player, Vmware Server, Vmware Workstation.