CVE-2008-4915 | Vulnerability Database | Aqua Security

The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS.

Affected Software

Name	Vendor	Start Version	End Version
Esxi	Vmware	3.5	3.5
Workstation	Vmware	5.5	5.5.8
Workstation	Vmware	6.0	6.0.5
Player	Vmware	1.0.0	1.0.8
Player	Vmware	2.0	2.0.5
Ace	Vmware	1.0	1.0.7
Ace	Vmware	2.0	2.0.5
Server	Vmware	1.0	1.0.7
Esx	Vmware	2.5.4	3.5

References

http://lists.vmware.com/pipermail/security-announce/2008/000042.html
http://www.securityfocus.com/bid/32168
http://www.securitytracker.com/id?1021154
http://secunia.com/advisories/32612
http://secunia.com/advisories/32624
http://www.vmware.com/security/advisories/VMSA-2008-0018.html
http://www.vupen.com/english/advisories/2008/3052
http://security.gentoo.org/glsa/glsa-201209-25.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/46415
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6309
http://www.securityfocus.com/archive/1/498138/100/0/threaded

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-4915
CWE	https://cwe.mitre.org/data/definitions/264.html