VMware Workstation and Fusion Drag-and-Drop Vulnerability
CVE-2016-7461

8.8HIGH

Key Information:

Vendor
Vmware
Status
Fusion
Fusion Pro
Workstation Player
Workstation Pro
Vendor
CVE Published:
29 December 2016

Summary

The drag-and-drop functionality in VMware Workstation Pro, Workstation Player, and Fusion allows users of guest operating systems to exploit vulnerabilities that permit execution of arbitrary code on the host operating system. This may also lead to a denial of service due to out-of-bounds memory access, impacting the stability and security of the host environment. Monitor your VMware installations to ensure they are updated to the latest versions to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/94280
vdb-entryx_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2016-0019....
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037282
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.