Vulnerability Details : CVE-2008-1363
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process."
Products affected by CVE-2008-1363
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1363
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2008-1363
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1363
-
http://securitytracker.com/id?1019622
Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2008/0905/references
Site en constructionThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41252
Third Party Advisory;VDB Entry
-
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Page not foundPatch;Vendor Advisory
-
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Page not foundPatch;Vendor Advisory
-
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Page not foundPatch;Vendor Advisory
-
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
Support Content Notification - Support Portal - Broadcom support portalPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/28276
Patch;Third Party Advisory;VDB Entry
-
http://www.vmware.com/support/player/doc/releasenotes_player.html
Page not foundPatch;Vendor Advisory
-
http://www.securityfocus.com/archive/1/489739/100/0/threaded
Third Party Advisory;VDB Entry
-
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
502 Bad GatewayVendor Advisory
-
http://www.vmware.com/support/server/doc/releasenotes_server.html
Page not foundPatch;Vendor Advisory
-
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Page not foundPatch;Vendor Advisory
-
http://security.gentoo.org/glsa/glsa-201209-25.xml
VMware Player, Server, Workstation: Multiple vulnerabilities (GLSA 201209-25) — Gentoo securityThird Party Advisory
-
http://securityreason.com/securityalert/3755
Third Party Advisory
Jump to