Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-0923

EPSS 0.02% · P6
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-0923

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
VMware产品 共享文件夹机制量 目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMware的共享文件夹机制实现上存在目录遍历漏洞,运行于Guest系统上的程序可以利用此漏洞访问到Host系统的文件。 VMware的共享文件夹允许用户在Guest和Host系统之间传输数据,该机制允许Guest系统的用户读写任意部分的Host文件系统,包括系统文件夹和其他敏感文件。 该漏洞的起因是用于在Guest系统中提供共享文件夹功能的VMware API处理PathName参数的方式。在确认
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2008-0923

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2008-0923

Please Login to view more intelligence information

Same Patch Batch · n/a · 2008-02-26 · 6 CVEs total

CVE-2008-0984VideoLAN VLC Media Player MP4 Demuxer 远程代码执行漏洞
CVE-2006-7232MySQL 'sql_select.cc' INFORMATION_SCHEMA表远程拒绝服务漏洞
CVE-2008-0983lighttpd文件描述符数组远程拒绝服务漏洞
CVE-2008-0596cups 资源管理错误漏洞
CVE-2008-0597Common Unix Printing System 特制IPP数据包 内存泄露漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2008-0923

No comments yet

Leave a comment