Heap Buffer Overflow Vulnerability in VMware ESXi and Workstation Products
CVE-2017-4902
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 7 June 2017
Summary
A heap buffer overflow vulnerability exists in VMware ESXi, Workstation Pro, Player, and Fusion products. This vulnerability allows a malicious guest operating system to potentially execute arbitrary code on the host machine. It affects ESXi versions 6.5 and 5.5 that have not applied specific security patches (ESXi650-201703410-SG and ESXi550-201703401-SG respectively), as well as Workstation Pro/Player prior to version 12.5.5 and Fusion Pro/Fusion prior to version 8.5.6. Users are advised to apply the recommended updates to enhance security and protect against potential exploits.
Affected Version(s)
ESXi 6.5 without patch ESXi650-201703410-SG
ESXi 5.5 without patch ESXi550-201703401-SG
Fusion Pro / Fusion 8.x prior to 8.5.6
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved