CVE-2008-1392

CVE Database · CVE-2008-1392

CVE-2008-1392

· N/AModified

CVSS v3.1

N/A

EPSS

2.73%

Published

Mar 19, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

Weaknesses (CWE)

CWE-16

Affected Products (4)

microsoft · windows

vmware · acevulnerable

vmware · playervulnerable

vmware · vmware_workstationvulnerable

References (20)

http://lists.vmware.com/pipermail/security-announce/2008/000008.html

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://securityreason.com/securityalert/3755

http://www.securityfocus.com/archive/1/489739/100/0/threaded

http://www.securityfocus.com/bid/28276

http://www.vmware.com/security/advisories/VMSA-2008-0005.html

PatchVendor Advisory

http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

PatchVendor Advisory

http://www.vmware.com/support/player2/doc/releasenotes_player2.html

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs