Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-02-26 00:44
Updated : 2024-02-28 11:01
NVD link : CVE-2008-0923
Mitre link : CVE-2008-0923
CVE.ORG link : CVE-2008-0923
JSON object : View
Products Affected
vmware
- player
- workstation
- vmware_player
- ace
- vmware_workstation
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')