CVE-2017-4934
high
CVSS v3
8.8
CVSS v2
7.2
VIR risk
8.8
Description
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.
Predictions
Exploit likelihood
82%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@vmware.com — https://www.vmware.com/security/advisories/VMSA-2017-0018.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| vmware | workstation | 12.0.0 | |
| vmware | workstation | 12.0.1 | |
| vmware | workstation | 12.1 | |
| vmware | workstation | 12.1.1 | |
| vmware | workstation | 12.5 | |
| vmware | workstation | 12.5.1 | |
| vmware | workstation | 12.5.2 | |
| vmware | workstation | 12.5.3 | |
| vmware | workstation | 12.5.4 | |
| vmware | workstation | 12.5.5 | |
| vmware | workstation | 12.5.6 | |
| vmware | workstation | 12.5.7 | |
| vmware | fusion | 8.0.0 | |
| vmware | fusion | 8.0.1 | |
| vmware | fusion | 8.0.2 | |
| vmware | fusion | 8.1.0 | |
| vmware | fusion | 8.1.1 | |
| vmware | fusion | 8.5.0 | |
| vmware | fusion | 8.5.1 | |
| vmware | fusion | 8.5.2 | |
| vmware | fusion | 8.5.3 | |
| vmware | fusion | 8.5.4 | |
| vmware | fusion | 8.5.5 | |
| vmware | fusion | 8.5.6 | |
| vmware | fusion | 8.5.7 | |
| vmware | fusion | 8.5.8 | |
References
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.