CVE-2008-4915 : The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and

The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.

Published 2008-11-10 14:12:56

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-4915

Vmware » Workstation
Versions from including (>=) 6.0 and up to, including, (<=) 6.0.5
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation
Versions from including (>=) 5.5 and up to, including, (<=) 5.5.8
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
Matching versions
Vmware » ACE
Versions from including (>=) 1.0 and up to, including, (<=) 1.0.7
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
Matching versions
Vmware » ACE
Versions from including (>=) 2.0 and up to, including, (<=) 2.0.5
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
Matching versions
Vmware » Player
Versions from including (>=) 1.0.0 and up to, including, (<=) 1.0.8
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
Matching versions
Vmware » Player
Versions from including (>=) 2.0 and up to, including, (<=) 2.0.5
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
Matching versions
Vmware » Server
Versions from including (>=) 1.0 and up to, including, (<=) 1.0.7
cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
Matching versions
Vmware » Esxi » Version: 3.5
cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
Matching versions
Vmware » ESX
Versions from including (>=) 2.5.4 and up to, including, (<=) 3.5
cpe:2.3:a:vmware:esx:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-4915

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-4915

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-4915

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-4915

http://lists.vmware.com/pipermail/security-announce/2008/000042.html

Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/498138/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securitytracker.com/id?1021154

Third Party Advisory;VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309

Third Party Advisory
http://www.vupen.com/english/advisories/2008/3052

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/32168

Third Party Advisory;VDB Entry
http://www.vmware.com/security/advisories/VMSA-2008-0018.html

Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/32612

Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46415

Third Party Advisory;VDB Entry
http://security.gentoo.org/glsa/glsa-201209-25.xml

VMware Player, Server, Workstation: Multiple vulnerabilities (GLSA 201209-25) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/32624

Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-4915

Products affected by CVE-2008-4915

Exploit prediction scoring system (EPSS) score for CVE-2008-4915

CVSS scores for CVE-2008-4915

CWE ids for CVE-2008-4915

References for CVE-2008-4915