VIX API Vulnerability in VMware Workstation and Player Products
CVE-2008-1392

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Vmware Workstation
Vendor: CVE Published:; 20 March 2008

Summary

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x (pre-2.0.3), and VMware ACE 2.0.x (pre-2.0.1) exposes the console of the guest operating system through unauthenticated VIX API calls. This misconfiguration could allow remote attackers to access the console without proper authentication, potentially leading to unauthorized control of the guest OS. This vulnerability affects a critical aspect of virtualization security by compromising the separation of environments that hypervisors rely upon.

References

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

http://securityreason.com/securityalert/3755

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/41551

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 20, 2008
Vulnerability Reserved
Mar 19, 2008