CVE-2000-0090 is a vulnerability found in VMware Workstation versions 1.0.1 through 1.1.2. The issue allows local users to cause a denial of service (DoS) condition by exploiting a symbolic link (symlink) attack. In this context, a symlink attack involves creating or manipulating symbolic links in the file system to interfere with VMware's normal operations, potentially causing the software to crash or become unresponsive. This vulnerability requires local access, meaning an attacker must already have some level of access to the host system to execute the attack. The vulnerability does not impact confidentiality but affects integrity and availability by disrupting VMware's functionality. The CVSS score of 3.6 (low severity) reflects the limited scope and impact, as well as the requirement for local access and the absence of known exploits in the wild. No patches or fixes are available for this vulnerability, which dates back to early 2000, indicating that it affects legacy VMware Workstation versions that are unlikely to be in widespread use today.

For European organizations, the impact of CVE-2000-0090 is generally low due to the age of the affected VMware versions and the requirement for local access. However, if legacy systems running these outdated VMware Workstation versions are still in use, particularly in development, testing, or isolated environments, an attacker with local access could exploit this vulnerability to disrupt virtual machine operations, causing downtime and potential loss of productivity. This could affect business continuity, especially in environments relying heavily on virtualization for critical workflows. The denial of service could also indirectly impact other systems or services dependent on the affected virtual machines. Given the low severity and lack of known exploits, the risk is minimal but not negligible for organizations with legacy VMware deployments.

Organizations should verify that no systems are running VMware Workstation versions 1.0.1 through 1.1.2, as these versions are outdated and unsupported. If legacy systems are identified, they should be upgraded to the latest supported VMware Workstation versions, which have addressed this and other vulnerabilities. In environments where upgrading is not immediately feasible, restricting local user access to trusted personnel and implementing strict access controls can reduce the risk of exploitation. Additionally, monitoring for unusual file system activity related to symbolic links and VMware processes may help detect attempted exploitation. Since no patches are available for these versions, migration away from affected software is the most effective mitigation.