CVE-2008-0923

CWE-22Path Traversal3 documents3 sources
Severity
6.9MEDIUM
EPSS
0.0%
top 94.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Vmware ACEVmware PlayerVmware Vmware Player+2 more
Timeline
PublishedFeb 26
Latest updateMay 1

Description

Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages5 packages

NVDvmware/player1.0.4
NVDvmware/workstation4 versions+3
NVDvmware/vmware_player1.0.1_build_19317, 1.0.2, 1.0.3+2
NVDvmware/vmware_workstation6.0.1, 6.0.2+1
NVDvmware/ace5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-jph2-4993-v6wc: Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 12022-05-01
CVEList
CVE-2008-0923: Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 12008-02-26
CVE-2008-0923 (MEDIUM CVSS 6.9) | Directory traversal vulnerability i | cvebase.io