CVE-2008-0923
VMware ACE, Player, and Workstation - Path Traversal via Multibyte String Bypass
Directory traversal vulnerability in the Shared Folders feature for VMware ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
References (20)
Vendor Advisory (x_refsource_confirm): http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/27944
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/29117
Various Sources (x_refsource_misc): http://www.coresecurity.com/?action=item&id=2129
Vendor Advisory (x_refsource_confirm): http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/488725/100/0/threaded
Vendor Advisory (x_refsource_confirm): http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Vendor Advisory (x_refsource_confirm): http://www.vmware.com/support/player/doc/releasenotes_player.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id?1019493
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/489739/100/0/threaded
Various Sources (x_refsource_confirm): http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
Various Sources (mailing-list, x_refsource_mlist): http://lists.vmware.com/pipermail/security-announce/2008/000008.html
Vendor Advisory (x_refsource_confirm): http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2008/0905/references
Vendor Advisory (x_refsource_confirm): http://www.vmware.com/security/advisories/VMSA-2008-0005.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/40837
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2008/0679
Mailing List (mailing-list, x_refsource_fulldisc): http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/28276
Third Party Advisory (third-party-advisory, x_refsource_sreason): http://securityreason.com/securityalert/3700
Scores
EPSS: 0.0002
EPSS Percentile: 6.3%
Details
CWE: CWE-22
Status: published
Products (15)
vmware/ace 1.0
vmware/ace 1.0.2
vmware/ace 2.0
vmware/ace 2.0.1
vmware/ace 2.0.2
vmware/player 1.0.4
vmware/vmware_player 1.0.1_build_19317
vmware/vmware_player 1.0.2
vmware/vmware_player 1.0.3
vmware/vmware_workstation 6.0.1
... and 5 more
Published: Feb 26, 2008
Tracked Since: Feb 18, 2026