CVE-2008-0923 Information
Description
Directory traversal vulnerability in the Shared Folders feature for VMware ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a \c02ec02e\ string.
Reference
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004034
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060457.html
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://secunia.com/advisories/29117
http://securityreason.com/securityalert/3700
http://www.coresecurity.com/?action=item&id=2129
http://www.securityfocus.com/archive/1/488725/100/0/threaded
http://www.securityfocus.com/archive/1/489739/100/0/threaded
http://www.securityfocus.com/bid/27944
http://www.securityfocus.com/bid/28276
http://www.securitytracker.com/id?1019493
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www.vupen.com/english/advisories/2008/0679
http://www.vupen.com/english/advisories/2008/0905/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/40837