CVE-2008-4279

medium

Description

The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html

http://marc.info/?l=bugtraq&m=122331139823057&w=2

http://secunia.com/advisories/32157

http://secunia.com/advisories/32179

http://secunia.com/advisories/32180

http://www.securityfocus.com/archive/1/497041/100/0/threaded

http://www.securityfocus.com/bid/31569

http://www.securitytracker.com/id?1020991

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

http://www.vupen.com/english/advisories/2008/2740

https://exchange.xforce.ibmcloud.com/vulnerabilities/45668

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929

Details

Source: MITRE

Published: 2008-10-06

Updated: 2018-11-02

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.1

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
40383 | VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues | Nessus | VMware ESX Local Security Checks | critical
34156 | VMware Products Multiple Vulnerabilities (VMSA-2008-0014) | Nessus | Windows | high