Vulnerability & Exploit Database

Back to search

VMware Player: Host to guest shared folder (HGFS) traversal vulnerability (VMSA-2008-0005) (CVE-2008-0923)

Severity CVSS Published Added Modified
7 (AV:L/AC:M/Au:N/C:C/I:C/A:C) February 25, 2008 November 30, 2013 February 13, 2015

Description

Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

vmware-player-upgrade-1_0_6

Related Vulnerabilities