Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3892Improper Restriction of Operations within the Bounds of a Memory Buffer in Vmware ACE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
66.0%
top 1.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Vmware ACEVmware PlayerVmware Server+1 more
Timeline
PublishedSep 3
Latest updateMay 2

Description

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDvmware/player1.0.01.0.8+1
NVDvmware/workstation5.55.5.8+1
NVDvmware/server< 1.0.7
NVDvmware/ace1.01.0.7+1

Patches

Patch: secunia.comPatch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-889x-p8ww-5fp4: Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 52022-05-02
CVEList
CVE-2008-3892: Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 52008-09-03

💥Exploits & PoCs

1
Exploit-DB
VMware - COM API ActiveX Remote Buffer Overflow (PoC)2008-09-01
CVE-2008-3892 — Vmware ACE vulnerability | cvebase