Unrated severityNVD Advisory· Published Sep 3, 2008· Updated Apr 23, 2026

CVE-2008-3892

Description

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.

Affected products

VMware/Ace
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
Range: >=1.0,<1.0.7
VMware/Player
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
Range: >=1.0.0,<1.0.8
VMware/Server
cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
Range: <1.0.7
VMware/Workstation
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
Range: >=5.5,<5.5.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/31707nvdPatchThird Party Advisory
secunia.com/advisories/31708nvdPatchThird Party Advisory
secunia.com/advisories/31709nvdPatchThird Party Advisory
secunia.com/advisories/31710nvdPatchThird Party Advisory
lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.htmlnvdThird Party Advisory
securityreason.com/securityalert/4202nvdThird Party Advisory
www.securityfocus.com/archive/1/495869/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/29503nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/30934nvdThird Party AdvisoryVDB Entry
www.vmware.com/support/ace/doc/releasenotes_ace.htmlnvdVendor Advisory
www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlnvdVendor Advisory
www.vmware.com/support/player/doc/releasenotes_player.htmlnvdVendor Advisory
www.vmware.com/support/player2/doc/releasenotes_player2.htmlnvdVendor Advisory
www.vmware.com/support/server/doc/releasenotes_server.htmlnvdVendor Advisory
www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlnvdVendor Advisory
www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlnvdVendor Advisory
www.vupen.com/english/advisories/2008/2466nvdThird Party Advisory
www.exploit-db.com/exploits/6345nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/43062nvdVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.053
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000