CVE-2008-4917

2008-12-0900:30:00

CWE-399

[email protected]

web.nvd.nist.gov

vmware

vulnerability

memory-corruption

cve-2008-4917

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.7%

JSON

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.

Affected configurations

NVD

Node

vmwareesxRange3.0.2–3.5

vmwareesxiMatch3.5

vmwareplayerRange1.0.0–1.0.8

vmwareplayerRange2.0–2.0.5

vmwareserverRange1.0–1.0.9

vmwareworkstationRange5.5–5.5.8

vmwareworkstationRange6.0–6.0.5

CPENameOperatorVersion
vmware:esxvmware esxle3.5
vmware:esxivmware esxieq3.5
vmware:playervmware playerle1.0.8
vmware:playervmware playerle2.0.5
vmware:servervmware serverle1.0.9
vmware:workstationvmware workstationle5.5.8
vmware:workstationvmware workstationle6.0.5

CPE	Name	Operator	Version
vmware:esx	vmware esx	le	3.5
vmware:esxi	vmware esxi	eq	3.5
vmware:player	vmware player	le	1.0.8
vmware:player	vmware player	le	2.0.5
vmware:server	vmware server	le	1.0.9
vmware:workstation	vmware workstation	le	5.5.8
vmware:workstation	vmware workstation	le	6.0.5