Lucene search

[email protected]CVE-2008-4915

HistoryNov 10, 2008 - 2:12 p.m.

CVE-2008-4915

2008-11-1014:12:55

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-4915

vmware

workstation

player

ace

server

esx

esxi

cpu hardware emulation

privilege escalation

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.

Affected configurations

NVD

Node

vmwareaceRange1.0–1.0.7

vmwareaceRange2.0–2.0.5

vmwareesxRange2.5.4–3.5

vmwareesxiMatch3.5

vmwareplayerRange1.0.0–1.0.8

vmwareplayerRange2.0–2.0.5

vmwareserverRange1.0–1.0.7

vmwareworkstationRange5.5–5.5.8

vmwareworkstationRange6.0–6.0.5

CPENameOperatorVersion
vmware:acevmware acele1.0.7
vmware:acevmware acele2.0.5
vmware:esxvmware esxle3.5
vmware:esxivmware esxieq3.5
vmware:playervmware playerle1.0.8
vmware:playervmware playerle2.0.5
vmware:servervmware serverle1.0.7
vmware:workstationvmware workstationle5.5.8
vmware:workstationvmware workstationle6.0.5

CPE	Name	Operator	Version
vmware:ace	vmware ace	le	1.0.7
vmware:ace	vmware ace	le	2.0.5
vmware:esx	vmware esx	le	3.5
vmware:esxi	vmware esxi	eq	3.5
vmware:player	vmware player	le	1.0.8
vmware:player	vmware player	le	2.0.5
vmware:server	vmware server	le	1.0.7
vmware:workstation	vmware workstation	le	5.5.8
vmware:workstation	vmware workstation	le	6.0.5