Heap-based Buffer Overflow in VMware Workstation and Player
CVE-2016-7081

7.8HIGH

Key Information:

Vendor

Vmware
Status
Workstation Player
Workstation Pro
Vendor
CVE Published:
29 December 2016

What is CVE-2016-7081?

Multiple heap-based buffer overflows have been identified in VMware Workstation Pro and Player prior to version 12.5.0 for Windows. When the Cortado ThinPrint virtual printing feature is enabled, these vulnerabilities could allow an attacker to execute arbitrary code on the host operating system, compromising system security and potentially allowing unauthorized access to sensitive information.

References

http://www.vmware.com/security/advisories/VMSA-2016-0014....
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036805
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/92935
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.