CVE-2016-7085

7.8HIGH

Key Information:

Vendor: Vmware
Status: Workstation Player; Workstation Pro
Vendor: CVE Published:; 29 December 2016

Summary

Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

References

http://www.vmware.com/security/advisories/VMSA-2016-0014....

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036805

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/92940

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2016
Vulnerability Reserved
Aug 23, 2016