CVE-2016-7461
Severity: high
CVSS v3: 8.8
CVSS v2: 7.2
VIR risk: 8.8
Description
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2, VMware Workstation Player 12.x before 12.5.2, and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
Predictions
Exploit likelihood: 82%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@vmware.com — http://www.vmware.com/security/advisories/VMSA-2016-0019.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| vmware | fusion | 8.0.0 | |
| vmware | fusion | 8.0.1 | |
| vmware | fusion | 8.0.2 | |
| vmware | fusion | 8.1.0 | |
| vmware | fusion | 8.1.1 | |
| vmware | fusion | 8.5.0 | |
| vmware | fusion | 8.5.1 | |
| vmware | fusion_pro | 8.0.0 | |
| vmware | fusion_pro | 8.0.1 | |
| vmware | fusion_pro | 8.0.2 | |
| vmware | fusion_pro | 8.1.0 | |
| vmware | fusion_pro | 8.1.1 | |
| vmware | fusion_pro | 8.5.0 | |
| vmware | fusion_pro | 8.5.1 | |
| vmware | workstation_player | 12.0.0 | |
| vmware | workstation_player | 12.0.1 | |
| vmware | workstation_player | 12.1.0 | |
| vmware | workstation_player | 12.1.1 | |
| vmware | workstation_player | 12.5.0 | |
| vmware | workstation_player | 12.5.1 | |
| vmware | workstation_pro | 12.0.0 | |
| vmware | workstation_pro | 12.0.1 | |
| vmware | workstation_pro | 12.1.0 | |
| vmware | workstation_pro | 12.1.1 | |
| vmware | workstation_pro | 12.5.0 | |
| vmware | workstation_pro | 12.5.1 | |
References
CWEs
CWE-119