Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware ace 2.0.1 |
||
vmware ace 2.0.2 |
||
vmware workstation 5.5.3_build_34685 |
||
vmware workstation 5.5.4 |
||
vmware player 1.0.4 |
||
vmware vmware player 1.0.1_build_19317 |
||
vmware workstation 6.0 |
||
vmware ace 1.0.2 |
||
vmware ace 2.0 |
||
vmware vmware workstation 6.0.2 |
||
vmware workstation 4.5.2 |
||
vmware ace 1.0 |
||
vmware vmware player 1.0.2 |
||
vmware vmware player 1.0.3 |
||
vmware vmware workstation 6.0.1 |