Privilege Escalation Vulnerability in VMware Workstation and Player
CVE-2016-2077

9.8CRITICAL

Key Information:

Vendor: Vmware
Status: Player
Vendor: CVE Published:; 18 May 2016

What is CVE-2016-2077?

VMware Workstation 11.x and VMware Player 7.x on Windows contain a flaw that allows users to access executable files incorrectly. This vulnerability can lead to privilege escalation on the host operating system, enabling unauthorized users to obtain higher-level permissions through unspecified vectors, thus posing significant security risks.

References

http://www.securitytracker.com/id/1035900

vdb-entryx_refsource_SECTRACK

http://www.vmware.com/security/advisories/VMSA-2016-0005....

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2016
Vulnerability Reserved
Jan 26, 2016

Vmware

What is CVE-2016-2077?

References

CVSS V3.1

Timeline