Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character string containing .. (dot dot) sequences, which bypasses the protection mechanism, as demonstrated using a "%c0%2e%c0%2e" string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vmware player 1.0.3 |
||
vmware ace 1.0 |
||
vmware vmware player 1.0.2 |
||
vmware ace 2.0.2 |
||
vmware ace 2.0 |
||
vmware ace 2.0.1 |
||
vmware ace 1.0.2 |
||
vmware workstation 6.0 |
||
vmware workstation 5.5.3 build 34685 |
||
vmware vmware player 1.0.1 build 19317 |
||
vmware player 1.0.4 |
||
vmware vmware workstation 6.0.2 |
||
vmware vmware workstation 6.0.1 |
||
vmware workstation 5.5.4 |
||
vmware workstation 4.5.2 |