CVE-2016-5330

7.8HIGH

Key Information:

Vendor
Vmware
Status
Workstation Player
Workstation Pro
Esxi
Vendor
CVE Published:
8 August 2016

Summary

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

References

http://www.securitytracker.com/id/1036544
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036619
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/92323
vdb-entryx_refsource_BID

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.