Directory Traversal Vulnerability in VMware Products
CVE-2008-0923

Currently unrated

Key Information:

Vendor: Vmware
Status: Vmware Player; Ace; Workstation; Player
Vendor: CVE Published:; 26 February 2008

Summary

A directory traversal vulnerability exists in VMware's Shared Folders feature that allows guest operating system users to access and manipulate arbitrary files on the host system. This flaw arises from the improper handling of multibyte strings containing sequences that denote directory traversal ('..'), enabling an attacker to bypass intended security mechanisms. The exploitation may lead to unauthorized file access and modifications, posing significant risks to the integrity and confidentiality of the host system's data.

References

http://www.securityfocus.com/bid/27944

vdb-entryx_refsource_BID

http://secunia.com/advisories/29117

third-party-advisoryx_refsource_SECUNIA

http://www.coresecurity.com/?action=item&id=2129

x_refsource_MISC

Timeline

Vulnerability published
Feb 26, 2008
Vulnerability Reserved
Feb 25, 2008