VMware Workstation and Fusion Drag-and-Drop Vulnerability
CVE-2016-7461
8.8HIGH
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 29 December 2016
Summary
The drag-and-drop functionality in VMware Workstation Pro, Workstation Player, and Fusion allows users of guest operating systems to exploit vulnerabilities that permit execution of arbitrary code on the host operating system. This may also lead to a denial of service due to out-of-bounds memory access, impacting the stability and security of the host environment. Monitor your VMware installations to ensure they are updated to the latest versions to mitigate risks associated with this vulnerability.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved