CVE-2008-1363

{"id": "CVE-2008-1363", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-20T00:44:00.000", "references": [{"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3755", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1019622", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28276", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0905/references", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/3755", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1019622", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/28276", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/support/player/doc/releasenotes_player.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/support/server/doc/releasenotes_server.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/0905/references", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41252", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for \"hijacking the VMX process.\""}, {"lang": "es", "value": "VMware Workstation versiones 6.0.x anteriores a 6.0.3 y versiones 5.5.x anteriores a 5.5.6, VMware Player versiones 2.0.x anteriores a 2.0.3 y versiones 1.0.x anteriores a 1.0.6, VMware ACE versiones 2.0.x anteriores a 2.0.1 y versiones 1.0.x anteriores a 1.0.5, y VMware Server versiones 1.0.x anteriores a 1.0.5 para Windows permite a usuarios locales obtener privilegios mediante una modificaci\u00f3n no especificada del fichero config.ini localizado en la carpeta de Datos de Aplicaci\u00f3n, que puede ser usado para \"secuestrar el proceso VMX\"."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E913C6E9-454D-4FE7-B22B-F24E194F5CE2", "versionEndExcluding": "1.0.5", "versionStartIncluding": "1.0"}, {"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "310A0A72-A709-407D-A68D-24EF59EEC553", "versionEndExcluding": "2.0.1", "versionStartIncluding": "2.0"}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "841FDCE0-8D59-4AE6-8996-5BFD8736DA86", "versionEndExcluding": "1.0.6", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D86484E-0D38-49BC-9C80-688A83F80345", "versionEndExcluding": "2.0.3", "versionStartIncluding": "2.0"}, {"criteria": "cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "517722B0-4E12-4A3B-A35B-2A88DA6D30A9", "versionEndExcluding": "1.0.5", "versionStartIncluding": "1.0"}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C0BDA4-C4AE-4C91-A8D3-A965CCCE3C2E", "versionEndExcluding": "5.5.6", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76907A90-590B-4FBA-977E-CCF19F6F405F", "versionEndExcluding": "6.0.3", "versionStartIncluding": "6.0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}