CVE-2008-0923

medium VMware
CVSS v3 Base Score
6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
0.0%
Exploitation probability in 30 days
Top 94% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: February 26, 2008 (6652 days ago)
Last Modified: April 23, 2026
Vendor: VMware
Source: NVD

Description

Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.

CWE

CWE-22

Affected Products

vmware acevmware playervmware vmware playervmware vmware workstationvmware workstation

References

🔗 kb.vmware.com 🔗 lists.grok.org.uk 🔗 lists.vmware.com 🔗 secunia.com 🔗 securityreason.com