VIX API Vulnerability in VMware Workstation and Player Products
CVE-2008-1392

Currently unrated

Key Information:

Vendor
Vmware
Vendor
CVE Published:
20 March 2008

Summary

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x (pre-2.0.3), and VMware ACE 2.0.x (pre-2.0.1) exposes the console of the guest operating system through unauthenticated VIX API calls. This misconfiguration could allow remote attackers to access the console without proper authentication, potentially leading to unauthorized control of the guest OS. This vulnerability affects a critical aspect of virtualization security by compromising the separation of environments that hypervisors rely upon.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.