Vulnerability Details : CVE-2008-4279
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.
Products affected by CVE-2008-4279
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4279
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-4279
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:L/AC:L/Au:S/C:C/I:C/A:C |
3.1
|
10.0
|
NIST |
CWE ids for CVE-2008-4279
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4279
-
http://www.vmware.com/security/advisories/VMSA-2008-0016.html
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/31569
Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1020991
Third Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45668
Third Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=122331139823057&w=2
Mailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2008/2740
Third Party Advisory
-
http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929
Third Party Advisory
-
http://www.securityfocus.com/archive/1/497041/100/0/threaded
VDB Entry;Third Party Advisory
Jump to