Search criteria
12 vulnerabilities found for Workstation Pro/Player by VMware
CVE-2017-4901 (GCVE-0-2017-4901)
Vulnerability from nvd – Published: 2017-06-08 13:00 – Updated: 2024-08-05 14:39
VLAI
Summary
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038025 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96881 | vdb-entryx_refsource_BID |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
12.x prior to 12.5.4
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.5.
|
Date Public
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html"
},
{
"name": "1038025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038025"
},
{
"name": "96881",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.4"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.5."
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html"
},
{
"name": "1038025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038025"
},
{
"name": "96881",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.4"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.5."
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html"
},
{
"name": "1038025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038025"
},
{
"name": "96881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4901",
"datePublished": "2017-06-08T13:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4900 (GCVE-0-2017-4900)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96770 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037979 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
12.x prior to version 12.5.3
|
Date Public
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96770",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to version 12.5.3"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "96770",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96770"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4900",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4899 (GCVE-0-2017-4899)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96771 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037979 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
12.x prior to version 12.5.3
|
Date Public
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to version 12.5.3"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "96771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96771"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4899",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4898 (GCVE-0-2017-4898)
Vulnerability from nvd – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
Severity
No CVSS data available.
CWE
- DLL Hijack
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96772 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037979 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
12.x prior to version 12.5.3
|
Date Public
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to version 12.5.3"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4898",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4916 (GCVE-0-2017-4916)
Vulnerability from nvd – Published: 2017-05-22 14:00 – Updated: 2024-08-05 14:47
VLAI
Summary
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.
Severity
No CVSS data available.
CWE
- NULL pointer dereference
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038526 | vdb-entryx_refsource_SECTRACK |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/98560 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/42140/ | exploitx_refsource_EXPLOIT-DB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
All 12.x versions prior to version 12.5.6
|
Date Public
2017-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:42.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "98560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98560"
},
{
"name": "42140",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42140/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "All 12.x versions prior to version 12.5.6"
}
]
}
],
"datePublic": "2017-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "1038526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "98560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98560"
},
{
"name": "42140",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42140/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "All 12.x versions prior to version 12.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038526",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038526"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "98560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98560"
},
{
"name": "42140",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42140/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4916",
"datePublished": "2017-05-22T14:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:42.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4915 (GCVE-0-2017-4915)
Vulnerability from nvd – Published: 2017-05-22 14:00 – Updated: 2024-08-05 14:47
VLAI
Summary
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
Severity
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98566 | vdb-entryx_refsource_BID |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038525 | vdb-entryx_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/42045/ | exploitx_refsource_EXPLOIT-DB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
All 12.x versions prior to version 12.5.6
|
Date Public
2017-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:42.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "1038525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038525"
},
{
"name": "42045",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42045/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "All 12.x versions prior to version 12.5.6"
}
]
}
],
"datePublic": "2017-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "98566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "1038525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038525"
},
{
"name": "42045",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42045/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "All 12.x versions prior to version 12.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98566"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "1038525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038525"
},
{
"name": "42045",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42045/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4915",
"datePublished": "2017-05-22T14:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:42.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4901 (GCVE-0-2017-4901)
Vulnerability from cvelistv5 – Published: 2017-06-08 13:00 – Updated: 2024-08-05 14:39
VLAI
Summary
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038025 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96881 | vdb-entryx_refsource_BID |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
12.x prior to 12.5.4
|
|
| VMware | Fusion Pro / Fusion |
Affected:
8.x prior to 8.5.5.
|
Date Public
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html"
},
{
"name": "1038025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038025"
},
{
"name": "96881",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.4"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.5."
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html"
},
{
"name": "1038025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038025"
},
{
"name": "96881",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to 12.5.4"
}
]
}
},
{
"product_name": "Fusion Pro / Fusion",
"version": {
"version_data": [
{
"version_value": "8.x prior to 8.5.5."
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html"
},
{
"name": "1038025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038025"
},
{
"name": "96881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4901",
"datePublished": "2017-06-08T13:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4900 (GCVE-0-2017-4900)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96770 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037979 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
12.x prior to version 12.5.3
|
Date Public
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96770",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to version 12.5.3"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "96770",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96770"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4900",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4898 (GCVE-0-2017-4898)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
Severity
No CVSS data available.
CWE
- DLL Hijack
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96772 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037979 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
12.x prior to version 12.5.3
|
Date Public
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to version 12.5.3"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4898",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4899 (GCVE-0-2017-4899)
Vulnerability from cvelistv5 – Published: 2017-06-07 18:00 – Updated: 2024-08-05 14:39
VLAI
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.
Severity
No CVSS data available.
CWE
- DoS
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96771 | vdb-entryx_refsource_BID |
| http://www.vmware.com/security/advisories/VMSA-20… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037979 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
12.x prior to version 12.5.3
|
Date Public
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96771",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to version 12.5.3"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "96771",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96771"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4899",
"datePublished": "2017-06-07T18:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:39:41.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4915 (GCVE-0-2017-4915)
Vulnerability from cvelistv5 – Published: 2017-05-22 14:00 – Updated: 2024-08-05 14:47
VLAI
Summary
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
Severity
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98566 | vdb-entryx_refsource_BID |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038525 | vdb-entryx_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/42045/ | exploitx_refsource_EXPLOIT-DB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
All 12.x versions prior to version 12.5.6
|
Date Public
2017-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:42.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "1038525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038525"
},
{
"name": "42045",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42045/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "All 12.x versions prior to version 12.5.6"
}
]
}
],
"datePublic": "2017-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "98566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "1038525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038525"
},
{
"name": "42045",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42045/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "All 12.x versions prior to version 12.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98566"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "1038525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038525"
},
{
"name": "42045",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42045/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4915",
"datePublished": "2017-05-22T14:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:42.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-4916 (GCVE-0-2017-4916)
Vulnerability from cvelistv5 – Published: 2017-05-22 14:00 – Updated: 2024-08-05 14:47
VLAI
Summary
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.
Severity
No CVSS data available.
CWE
- NULL pointer dereference
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038526 | vdb-entryx_refsource_SECTRACK |
| https://www.vmware.com/security/advisories/VMSA-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/98560 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/42140/ | exploitx_refsource_EXPLOIT-DB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Workstation Pro/Player |
Affected:
All 12.x versions prior to version 12.5.6
|
Date Public
2017-05-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:47:42.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "98560",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98560"
},
{
"name": "42140",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42140/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "All 12.x versions prior to version 12.5.6"
}
]
}
],
"datePublic": "2017-05-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-12T09:57:01.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "1038526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "98560",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98560"
},
{
"name": "42140",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42140/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "All 12.x versions prior to version 12.5.6"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038526",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038526"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"
},
{
"name": "98560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98560"
},
{
"name": "42140",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42140/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4916",
"datePublished": "2017-05-22T14:00:00.000Z",
"dateReserved": "2016-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:47:42.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}