Buffer Overflow in VMware Workstation and Player Affecting Remote Operations
CVE-2008-3892

Currently unrated

Key Information:

Vendor

Vmware
Status
Ace
Player
Server
Workstation
Vendor
CVE Published:
3 September 2008

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 66%

What is CVE-2008-3892?

The vulnerability involves a buffer overflow in an ActiveX control within the COM API of VMware products. It can be exploited by remote attackers via a crafted call to the GuestInfo method, utilizing long string values that cause a denial of service—a complete crash of the browser—or potentially enabling arbitrary code execution on the affected system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-3892 - Proof of Concept

References

http://www.vmware.com/support/server/doc/releasenotes_ser...
x_refsource_MISC
https://www.exploit-db.com/exploits/6345
exploitx_refsource_EXPLOIT-DB
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
x_refsource_MISC

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.