Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3892 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Vmware ACE

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

66.0%

top 1.48%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vmware ACE Vmware Player Vmware Server +1 more

Timeline

PublishedSep 3

Latest updateMay 2

Description

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call …

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDvmware/player1.0.0 — 1.0.8+1

▶NVDvmware/workstation5.5 — 5.5.8+1

▶NVDvmware/server< 1.0.7

▶NVDvmware/ace1.0 — 1.0.7+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-889x-p8ww-5fp4: Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5↗2022-05-02

▶

CVEList

CVE-2008-3892: Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5↗2008-09-03

▶

💥Exploits & PoCs

Exploit-DB

VMware - COM API ActiveX Remote Buffer Overflow (PoC)↗2008-09-01

▶