Heap Buffer Overflow Vulnerability in VMware ESXi and Workstation Products
CVE-2017-4902

8.8HIGH

Key Information:

Vendor
Vmware
Status
Esxi
Workstation Pro / Player
Fusion Pro / Fusion
Vendor
CVE Published:
7 June 2017

Summary

A heap buffer overflow vulnerability exists in VMware ESXi, Workstation Pro, Player, and Fusion products. This vulnerability allows a malicious guest operating system to potentially execute arbitrary code on the host machine. It affects ESXi versions 6.5 and 5.5 that have not applied specific security patches (ESXi650-201703410-SG and ESXi550-201703401-SG respectively), as well as Workstation Pro/Player prior to version 12.5.5 and Fusion Pro/Fusion prior to version 8.5.6. Users are advised to apply the recommended updates to enhance security and protect against potential exploits.

Affected Version(s)

ESXi 6.5 without patch ESXi650-201703410-SG

ESXi 5.5 without patch ESXi550-201703401-SG

Fusion Pro / Fusion 8.x prior to 8.5.6

References

http://www.vmware.com/security/advisories/VMSA-2017-0006....
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038148
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97163
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.