HIGH🇵🇱 Wersja polska

CVE-2008-1392

CVSS 10.0v2.0pub. 2008-03-20upd. 2026-04-23

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • VMware Ace

    APP
    Vmware
    ≤ 2.0
  • VMware Player

    APP
    Vmware
    ≤ 2.0.2
  • VMware Workstation

    APP
    Vmware
    6.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit