hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.
References
Configurations
History
21 Nov 2024, 00:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.vmware.com/pipermail/security-announce/2009/000054.html - | |
References | () http://seclists.org/fulldisclosure/2009/Apr/0036.html - | |
References | () http://securityreason.com/securityalert/4177 - | |
References | () http://www.orange-bat.com/adv/2008/adv.08.17.txt - | |
References | () http://www.securityfocus.com/bid/30737 - | |
References | () http://www.securityfocus.com/bid/34373 - | |
References | () http://www.securitytracker.com/id?1020715 - | |
References | () http://www.vmware.com/security/advisories/VMSA-2009-0005.html - | |
References | () http://www.vupen.com/english/advisories/2009/0944 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/44539 - | |
References | () https://www.exploit-db.com/exploits/6262 - |
Information
Published : 2008-08-21 17:41
Updated : 2024-11-21 00:50
NVD link : CVE-2008-3761
Mitre link : CVE-2008-3761
CVE.ORG link : CVE-2008-3761
JSON object : View
Products Affected
vmware
- vmware_workstation
CWE
CWE-20
Improper Input Validation