VIX API Vulnerability in VMware Workstation and Player Products
CVE-2008-1392
Currently unrated
Summary
The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x (pre-2.0.3), and VMware ACE 2.0.x (pre-2.0.1) exposes the console of the guest operating system through unauthenticated VIX API calls. This misconfiguration could allow remote attackers to access the console without proper authentication, potentially leading to unauthorized control of the guest OS. This vulnerability affects a critical aspect of virtualization security by compromising the separation of environments that hypervisors rely upon.
References
Timeline
Vulnerability published
Vulnerability Reserved