VMware Workstation and Fusion Drag-and-Drop Vulnerability
CVE-2016-7461

8.8HIGH

Key Information:

Vendor
Vmware
Vendor
CVE Published:
29 December 2016

Summary

The drag-and-drop functionality in VMware Workstation Pro, Workstation Player, and Fusion allows users of guest operating systems to exploit vulnerabilities that permit execution of arbitrary code on the host operating system. This may also lead to a denial of service due to out-of-bounds memory access, impacting the stability and security of the host environment. Monitor your VMware installations to ensure they are updated to the latest versions to mitigate risks associated with this vulnerability.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.