cve-2017-4898
Vulnerability from cvelistv5
Published
2017-06-07 18:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | http://www.securityfocus.com/bid/96772 | Third Party Advisory, VDB Entry | |
| security@vmware.com | http://www.securitytracker.com/id/1037979 | ||
| security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2017-0003.html | Patch, Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | Workstation Pro/Player |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to version 12.5.3"
}
]
}
],
"datePublic": "2017-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2017-4898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation Pro/Player",
"version": {
"version_data": [
{
"version_value": "12.x prior to version 12.5.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \"vmware-vmx\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0003.html"
},
{
"name": "96772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96772"
},
{
"name": "1037979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2017-4898",
"datePublished": "2017-06-07T18:00:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-4898\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2017-06-07T18:29:00.210\",\"lastModified\":\"2019-10-03T00:03:26.223\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the \\\"vmware-vmx\\\" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.\"},{\"lang\":\"es\",\"value\":\"Workstation Pro/Player versiones 12.x anteriores a 12.5.3 de VMware, contiene una vulnerabilidad de carga de DLL que ocurre debido al proceso \\\"vmware-vmx\\\" que carga archivos DLL desde una ruta (path) definida en la variable de entorno local. La explotaci\u00f3n con \u00e9xito de este problema puede permitir a los usuarios normales escalar privilegios al sistema en la m\u00e1quina host donde est\u00e1 instalada Workstation de VMware.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":6.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ABE47D4-506C-4132-829B-19A61ED35F4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_player:12.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67CDB0AC-25B6-4397-9784-386C81C37352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_player:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C48608C8-B7A6-47DD-8C78-44EB2B0D6C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_player:12.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E1D4E53-DEB3-4143-B619-4431DB47341F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_player:12.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C83B3D50-43FF-4034-9C75-F44939D60378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_player:12.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1613CB4-1088-40F1-A5E8-584284A980D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3E8337D-BC36-4910-A998-309D277D008C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E91FE31-B442-4EE3-A415-D635A5CCA6C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C67B92FB-CE89-479D-97DF-237C77BF307B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8A83855-1411-4CA8-A005-5AA58D1CB32A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3516D484-83AF-470E-9E9A-AFE3BBE4F75D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F5A845C-E2CA-4C3A-8019-22C7DC2EA6DB\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/96772\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037979\",\"source\":\"security@vmware.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2017-0003.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.