Buffer Overflow in VMware Workstation and Player Affecting Remote Operations
CVE-2008-3892
Currently unrated
Summary
A buffer overflow exists in an ActiveX control within the COM API of VMware products. A remote attacker can trigger it with a crafted call to the GuestInfo method that passes long string values, causing a denial of service (a complete crash of the browser) or potentially enabling arbitrary code execution on the affected system.
References
EPSS Score
70% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved