CVE-2008-3698 : Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Work

Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.

Published 2008-09-03 14:12:00

Updated 2018-10-31 15:33:43

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-3698

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-3698

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-3698

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3698

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

Vendor Advisory

CVEs referencing this url
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

Third Party Advisory

CVEs referencing this url
http://securityreason.com/securityalert/4202

Third Party Advisory

CVEs referencing this url
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/44795

VDB Entry
http://securitytracker.com/id?1020790

Third Party Advisory;VDB Entry
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/30936

Third Party Advisory;VDB Entry
http://www.vmware.com/support/ace/doc/releasenotes_ace.html

Vendor Advisory

CVEs referencing this url
http://www.vmware.com/support/player/doc/releasenotes_player.html

Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/495869/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.vmware.com/support/server/doc/releasenotes_server.html

Vendor Advisory

CVEs referencing this url
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

Vendor Advisory

CVEs referencing this url
http://www.vmware.com/security/advisories/VMSA-2008-0014.html

Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/2466

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2008-3698

Vmware » Workstation
Versions from including (>=) 5.5 and before (<) 5.5.8
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation
Versions from including (>=) 6.0 and before (<) 6.0.5
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
Matching versions
Vmware » ACE
Versions from including (>=) 1.0 and before (<) 1.0.7
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
Matching versions
Vmware » ACE
Versions from including (>=) 2.0 and before (<) 2.0.5
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
Matching versions
Vmware » Player
Versions from including (>=) 1.0.0 and before (<) 1.0.8
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
Matching versions
Vmware » Player
Versions from including (>=) 2.0 and before (<) 2.0.5
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
Matching versions
Vmware » Server
Versions before (<) 1.0.7
cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-3698

Exploit prediction scoring system (EPSS) score for CVE-2008-3698

CVSS scores for CVE-2008-3698

CWE ids for CVE-2008-3698

References for CVE-2008-3698

Products affected by CVE-2008-3698