CVE-2017-4901
critical
CVSS v3
9.9
CVSS v2
7.5
VIR risk
9.9
Description
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Predictions
Exploit likelihood
98%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@vmware.com — https://www.vmware.com/security/advisories/VMSA-2017-0005.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| vmware | fusion | 8.0.0 | |
| vmware | fusion | 8.0.1 | |
| vmware | fusion | 8.0.2 | |
| vmware | fusion | 8.1.0 | |
| vmware | fusion | 8.1.1 | |
| vmware | fusion | 8.5.0 | |
| vmware | fusion | 8.5.1 | |
| vmware | fusion | 8.5.2 | |
| vmware | fusion | 8.5.3 | |
| vmware | fusion | 8.5.4 | |
| vmware | workstation | 12.0 | |
| vmware | workstation | 12.0.1 | |
| vmware | workstation | 12.1 | |
| vmware | workstation | 12.1.1 | |
| vmware | workstation | 12.5 | |
| vmware | workstation | 12.5.1 | |
| vmware | workstation | 12.5.2 | |
| vmware | workstation | 12.5.3 | |
References
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.