CVE-2008-1392 | Vulnerability Database | Aqua Security

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

Affected Software

Name	Vendor	Start Version	End Version
Windows	Microsoft	*	*
Vmware-player	Ubuntu	dapper	*
Vmware-player	Ubuntu	edgy	*
Vmware-player	Ubuntu	feisty	*

References

http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securityreason.com/securityalert/3755
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/28276
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/41551
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://securityreason.com/securityalert/3755
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/28276
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/41551

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1392
CWE	https://cwe.mitre.org/data/definitions/16.html