Buffer Overflow in VMware Workstation and Player Affecting Remote Operations
CVE-2008-3892

Currently unrated

Key Information:

Vendor: Vmware
Status: Ace; Player; Server; Workstation
Vendor: CVE Published:; 3 September 2008

Summary

The vulnerability involves a buffer overflow in an ActiveX control within the COM API of VMware products. It can be exploited by remote attackers via a crafted call to the GuestInfo method, utilizing long string values that cause a denial of service—a complete crash of the browser—or potentially enabling arbitrary code execution on the affected system.

References

http://www.vmware.com/support/server/doc/releasenotes_ser...

x_refsource_MISC

https://www.exploit-db.com/exploits/6345

exploitx_refsource_EXPLOIT-DB

http://www.vmware.com/support/ace/doc/releasenotes_ace.html

x_refsource_MISC

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 3, 2008
Vulnerability Reserved
Sep 3, 2008