Buffer Overflow in VMware Workstation and Player Affecting Remote Operations
CVE-2008-3892

Currently unrated

Key Information:

Vendor

Vmware
Status
Ace
Player
Server
Workstation
Vendor
CVE Published:
3 September 2008

What is CVE-2008-3892?

The vulnerability involves a buffer overflow in an ActiveX control within the COM API of VMware products. It can be exploited by remote attackers via a crafted call to the GuestInfo method, utilizing long string values that cause a denial of service—a complete crash of the browser—or potentially enabling arbitrary code execution on the affected system.

References

http://www.vmware.com/support/server/doc/releasenotes_ser...
x_refsource_MISC
https://www.exploit-db.com/exploits/6345
exploitx_refsource_EXPLOIT-DB
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
x_refsource_MISC

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.