CVE-2008-4279 — Vmware Player vulnerability

CWE-2643 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 78.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Player Vmware Server Vmware Workstation +1 more

Timeline

PublishedOct 6

Latest updateMay 2

Description

The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages4 packages

▶NVDvmware/player1.0 — 1.0.8+1

▶NVDvmware/server1.0 — 1.0.8

▶NVDvmware/workstation5.5 — 5.5.8+1

▶NVDvmware/esx2.5.4 — 3.5

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-x89w-2wmp-4877: The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6↗2022-05-02

▶

CVEList

CVE-2008-4279: The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6↗2008-10-06

▶