CVE-2008-4279

2008-10-0619:54:36

CWE-264

[email protected]

web.nvd.nist.gov

vmware

workstation

player

server

esx

vulnerability

privilege escalation

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.7%

JSON

The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.

Affected configurations

NVD

Node

vmwareplayerRange1.0–1.0.8

vmwareplayerRange2.0–2.0.5

vmwareserverRange1.0–1.0.8

vmwareworkstationRange5.5–5.5.8

vmwareworkstationRange6.0–6.0.5

vmwareesxRange2.5.4–3.5

CPENameOperatorVersion
vmware:playervmware playerlt1.0.8
vmware:playervmware playerlt2.0.5
vmware:servervmware serverlt1.0.8
vmware:workstationvmware workstationlt5.5.8
vmware:workstationvmware workstationlt6.0.5
vmware:esxvmware esxle3.5

CPE	Name	Operator	Version
vmware:player	vmware player	lt	1.0.8
vmware:player	vmware player	lt	2.0.5
vmware:server	vmware server	lt	1.0.8
vmware:workstation	vmware workstation	lt	5.5.8
vmware:workstation	vmware workstation	lt	6.0.5
vmware:esx	vmware esx	le	3.5