CVE-2008-1340

VMware ACE 2.0.x - Denial of Service via Crafted VMCI Calls

Title source: llm
STIX 2.1

Description

Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.0.x before 6.0.3, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 allows attackers to cause a denial of service (host OS crash) via crafted VMCI calls that trigger "memory exhaustion and memory corruption."

References (13)

Core 13
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-25.xml
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3755
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41250
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019624
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28289
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489739/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0905/references
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28276

Scores

EPSS 0.0108
EPSS Percentile 78.0%

Details

CWE
CWE-399
Status published
Products (21)
vmware/ace 1.0
vmware/ace 2.0
vmware/player 1.0.2
vmware/player 1.0.3
vmware/player 1.0.4
vmware/player 1.0.5
vmware/player 2.0
vmware/player 2.0.1
vmware/player 2.0.2
vmware/server 1.0.3
... and 11 more
Published Mar 20, 2008
Tracked Since Feb 18, 2026