Check Point Advisories

Update Protection against VMware COM API ActiveX Control Buffer Overflow

Check Point Reference: CPAI-2008-233
Date Published: 31 Oct 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: Security Focus Bugtraq ID: 30934
Industry Reference:CVE-2008-3892
Protection Provided by:
Who is Vulnerable? VMware VMware COM API ActiveX 2.3.2
Vulnerability Description A buffer overflow vulnerability was reported in VMware COM API. VMware API is developed by VMware Inc. to provide language-neutral interfaces to the VMware Virtual Infrastructure Management (VIM) Framework. The vulnerability is associated with a vulnerable ActiveX control. A remote attacker could exploit the vulnerability by enticing the target user to visit a malicious web page. Successful exploitation allows for execution of arbitrary code or a denial of service condition.
Vulnerability DetailsThe vulnerability is due to improper checking of arguments passed to an ActiveX Control. Successful exploitation would most likely cause an access violation leading to a denial of service condition of the web browser application.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK