Rapid7 Vulnerability & Exploit Database

VMware Player: Windows-based host denial of service vulnerability in hcmon.sys (VMSA-2009-0005) (CVE-2008-3761)

Back to Search

VMware Player: Windows-based host denial of service vulnerability in hcmon.sys (VMSA-2009-0005) (CVE-2008-3761)

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
08/21/2008
Created
07/25/2018
Added
11/30/2013
Modified
02/13/2014

Description

hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.

Solution(s)

  • vmware-player-upgrade-2_5_2

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;