CVE-2008-1361

VMware <6.0.3, <5.5.6 - Privilege Escalation

Title source: llm

Description

VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation that causes the authd process to connect to an arbitrary named pipe, a different vulnerability than CVE-2008-1362.

References (15)

Core 15

Core References

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201209-25.xml

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3755

Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/support/server/doc/releasenotes_server.html

Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/support/player/doc/releasenotes_player.html

Vendor Advisory x_refsource_confirm

http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1019621

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/41257

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/489739/100/0/threaded

Various Sources mailing-list x_refsource_mlist

http://lists.vmware.com/pipermail/security-announce/2008/000008.html

Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0905/references

Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2008-0005.html

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28276

Scores

EPSS 0.0004

EPSS Percentile 12.4%

Details

CWE

CWE-264

Status published

Products (28)

vmware/ace 1.0

vmware/ace 1.0.1

vmware/ace 1.0.2

vmware/ace 1.0.3

vmware/ace 1.0.4

vmware/ace 2.0

vmware/player 1.0.2

vmware/player 1.0.3

vmware/player 1.0.4

vmware/player 1.0.5

... and 18 more

Published Mar 20, 2008

Tracked Since Feb 18, 2026