Vulnerability Details : CVE-2008-4279
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address.
Exploit prediction scoring system (EPSS) score for CVE-2008-4279
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-4279
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:L/AC:L/Au:S/C:C/I:C/A:C |
3.1
|
10.0
|
NIST |
CWE ids for CVE-2008-4279
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4279
-
http://www.vmware.com/security/advisories/VMSA-2008-0016.html
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/31569
Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1020991
Third Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45668
Third Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=122331139823057&w=2
Mailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2008/2740
Third Party Advisory
-
http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929
Third Party Advisory
-
http://www.securityfocus.com/archive/1/497041/100/0/threaded
VDB Entry;Third Party Advisory
Products affected by CVE-2008-4279
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:*:*:*:*:*:*:*:*