VYPR
Unrated severityNVD Advisory· Published Feb 26, 2008· Updated Jun 16, 2026

CVE-2008-0923

CVE-2008-0923

Description

Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • VMware/Ace6 versions
    cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:vmware:ace:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:ace:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:ace:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:ace:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:ace:2.0.2:*:*:*:*:*:*:*
    • (no CPE)range: 1.0.2, 2.0.2
  • VMware/Player5 versions
    cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:vmware:player:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_player:1.0.1_build_19317:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_player:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_player:1.0.3:*:*:*:*:*:*:*
    • (no CPE)range: 1.0.4, 2.0.2
  • cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:vmware:vmware_workstation:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:4.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:5.5.3_build_34685:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:6.0:*:*:*:*:*:*:*
    • (no CPE)range: 5.5.4, 6.0.2

Patches

Vulnerability mechanics

References

20

News mentions

0

No linked articles in our index yet.