Buffer Overflow in VMware Workstation and Player Affecting Remote Operations
CVE-2008-3892

Currently unrated

Key Information:

Vendor: VMware
Status: Vendor
CVE Published: 3 September 2008

Summary

A buffer overflow in an ActiveX control within the COM API of VMware products can be triggered by remote attackers through a crafted call to the GuestInfo method that passes long string values. The result is a denial of service (a complete crash of the browser) or, potentially, arbitrary code execution on the affected system.

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
