Vulnerability Details CVE-2008-4915
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.7%
CVSS Severity
CVSS v2 Score 6.9
References
- http://lists.vmware.com/pipermail/security-announce/2008/000042.html
- http://secunia.com/advisories/32612
- http://secunia.com/advisories/32624
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- http://www.securityfocus.com/archive/1/498138/100/0/threaded
- http://www.securityfocus.com/bid/32168
- http://www.securitytracker.com/id?1021154
- http://www.vmware.com/security/advisories/VMSA-2008-0018.html
- http://www.vupen.com/english/advisories/2008/3052
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46415
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309
- http://lists.vmware.com/pipermail/security-announce/2008/000042.html
- http://secunia.com/advisories/32612
- http://secunia.com/advisories/32624
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- http://www.securityfocus.com/archive/1/498138/100/0/threaded
- http://www.securityfocus.com/bid/32168
- http://www.securitytracker.com/id?1021154
- http://www.vmware.com/security/advisories/VMSA-2008-0018.html
- http://www.vupen.com/english/advisories/2008/3052
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46415
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309
Products affected by CVE-2008-4915
-
cpe:2.3:a:vmware:ace:1.0
-
cpe:2.3:a:vmware:ace:1.0.1
-
cpe:2.3:a:vmware:ace:1.0.2
-
cpe:2.3:a:vmware:ace:1.0.3
-
cpe:2.3:a:vmware:ace:1.0.3_build_54075
-
cpe:2.3:a:vmware:ace:1.0.4
-
cpe:2.3:a:vmware:ace:1.0.5
-
cpe:2.3:a:vmware:ace:1.0.6
-
cpe:2.3:a:vmware:ace:1.0.7
-
cpe:2.3:a:vmware:ace:2.0
-
cpe:2.3:a:vmware:ace:2.0.1
-
cpe:2.3:a:vmware:ace:2.0.1_build_55017
-
cpe:2.3:a:vmware:ace:2.0.2
-
cpe:2.3:a:vmware:ace:2.0.3
-
cpe:2.3:a:vmware:ace:2.0.4
-
cpe:2.3:a:vmware:ace:2.0.5
-
cpe:2.3:a:vmware:esx:*
-
cpe:2.3:a:vmware:esxi:3.5
-
cpe:2.3:a:vmware:player:1.0.0
-
cpe:2.3:a:vmware:player:1.0.1
-
cpe:2.3:a:vmware:player:1.0.2
-
cpe:2.3:a:vmware:player:1.0.3
-
cpe:2.3:a:vmware:player:1.0.4
-
cpe:2.3:a:vmware:player:1.0.5
-
cpe:2.3:a:vmware:player:1.0.5_build_56455
-
cpe:2.3:a:vmware:player:1.0.6
-
cpe:2.3:a:vmware:player:1.0.7
-
cpe:2.3:a:vmware:player:1.0.8
-
cpe:2.3:a:vmware:player:2.0
-
cpe:2.3:a:vmware:player:2.0.1
-
cpe:2.3:a:vmware:player:2.0.1_build_55017
-
cpe:2.3:a:vmware:player:2.0.2
-
cpe:2.3:a:vmware:player:2.0.3
-
cpe:2.3:a:vmware:player:2.0.4
-
cpe:2.3:a:vmware:player:2.0.5
-
cpe:2.3:a:vmware:server:1.0
-
cpe:2.3:a:vmware:server:1.0.1
-
cpe:2.3:a:vmware:server:1.0.1_build_29996
-
cpe:2.3:a:vmware:server:1.0.2
-
cpe:2.3:a:vmware:server:1.0.3
-
cpe:2.3:a:vmware:server:1.0.4
-
cpe:2.3:a:vmware:server:1.0.4_build_56528
-
cpe:2.3:a:vmware:server:1.0.5
-
cpe:2.3:a:vmware:server:1.0.6
-
cpe:2.3:a:vmware:server:1.0.7
-
cpe:2.3:a:vmware:workstation:5.5
-
cpe:2.3:a:vmware:workstation:5.5.0_build_13124
-
cpe:2.3:a:vmware:workstation:5.5.1
-
cpe:2.3:a:vmware:workstation:5.5.1_build_19175
-
cpe:2.3:a:vmware:workstation:5.5.2
-
cpe:2.3:a:vmware:workstation:5.5.3
-
cpe:2.3:a:vmware:workstation:5.5.3_build_34685
-
cpe:2.3:a:vmware:workstation:5.5.3_build_42958
-
cpe:2.3:a:vmware:workstation:5.5.4
-
cpe:2.3:a:vmware:workstation:5.5.4_build_44386
-
cpe:2.3:a:vmware:workstation:5.5.5
-
cpe:2.3:a:vmware:workstation:5.5.5_build_56455
-
cpe:2.3:a:vmware:workstation:5.5.6
-
cpe:2.3:a:vmware:workstation:5.5.7
-
cpe:2.3:a:vmware:workstation:5.5.8
-
cpe:2.3:a:vmware:workstation:6.0
-
cpe:2.3:a:vmware:workstation:6.0.1
-
cpe:2.3:a:vmware:workstation:6.0.1_build_55017
-
cpe:2.3:a:vmware:workstation:6.0.2
-
cpe:2.3:a:vmware:workstation:6.0.3
-
cpe:2.3:a:vmware:workstation:6.0.4
-
cpe:2.3:a:vmware:workstation:6.0.5