Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2007-09-21 |
| Product | Esx | Last view | 2008-12-08 |
| Version | 2.5.3 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:vmware:esx | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2008-12-08 | CVE-2008-4917 | Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption. |
| 6.9 | 2008-11-10 | CVE-2008-4915 | The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS. |
| 9.3 | 2008-11-10 | CVE-2008-4281 | Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors. |
| 6.8 | 2008-10-06 | CVE-2008-4279 | The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address. |
| 10 | 2007-09-21 | CVE-2007-0063 | Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow. |
| 10 | 2007-09-21 | CVE-2007-0061 | The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (1) | CWE-399 | Resource Management Errors |
| 16% (1) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 16% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 16% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 52704 | VMware Multiple Products Unspecified Virtual Hardware Request Memory Corruption |
| 49947 | VMware ESX / ESXi Datastore.FileManagement Unspecified Traversal Privilege Es... |
| 49795 | VMware Multiple Products CPU Hardware Emulation Trap Flag Handling Guest OS U... |
| 49090 | VMware Multiple Products 64-bit Guest OS CPU Hardware Emulation Cross-OS Priv... |
| 40094 | VMware Multiple Products DHCP Server Packet Handling Multiple Remote Overflows |
| 40093 | VMware Multiple Products DHCP Server Remote Memory Corruption Arbitrary Code ... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w... File : nvt/glsa_201209_25.nasl |
| 2009-03-23 | Name : Ubuntu Update for linux-restricted-modules-2.6.17/20, vmware-player-kernel-2... File : nvt/gb_ubuntu_USN_543_1.nasl |
| 2008-12-15 | Name : VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (Linux) File : nvt/gb_vmware_prdts_inguest_prv_esc_vuln_lin.nasl |
| 2008-12-15 | Name : VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (Win) File : nvt/gb_vmware_prdts_inguest_prv_esc_vuln_win.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-23 (vmware-workstation vmware-player) File : nvt/glsa_200711_23.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | PcVue SVUIGrd.ocx ActiveX function call access RuleID : 27112 - Type : BROWSER-PLUGINS - Revision : 5 |
| 2014-01-10 | PcVue SVUIGrd.ocx ActiveX clsid access RuleID : 27111 - Type : BROWSER-PLUGINS - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2012-10-01 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201209-25.nasl - Type: ACT_GATHER_INFO |
| 2009-07-27 | Name: The remote VMware ESX host is missing one or more security-related patches. File: vmware_VMSA-2007-0006.nasl - Type: ACT_GATHER_INFO |
| 2009-07-27 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2008-0016.nasl - Type: ACT_GATHER_INFO |
| 2009-07-27 | Name: The remote VMware ESXi / ESX host is missing a security-related patch. File: vmware_VMSA-2008-0018.nasl - Type: ACT_GATHER_INFO |
| 2009-07-27 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2008-0019.nasl - Type: ACT_GATHER_INFO |
| 2008-11-19 | Name: The remote Windows host has an application that is affected by multiple vulne... File: vmware_multiple_vmsa_2008_0018.nasl - Type: ACT_GATHER_INFO |
| 2008-09-10 | Name: The remote Windows host has an application that is affected by multiple issues. File: vmware_multiple_vmsa_2008_0014.nasl - Type: ACT_GATHER_INFO |
| 2007-11-20 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200711-23.nasl - Type: ACT_GATHER_INFO |
| 2007-11-16 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-543-1.nasl - Type: ACT_GATHER_INFO |
| 2007-10-25 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2007-0970.nasl - Type: ACT_GATHER_INFO |
| 2007-10-04 | Name: The remote Windows host has an application that is affected by multiple issues. File: vmware_ws_server_multiple.nasl - Type: ACT_GATHER_INFO |
