CVE-2016-5330: Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

EXPLOIT

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
vmware	esxi	5.0 – 6.0	—
vmware	fusion	>= 8.1 < 8.1.1	8.1.1
vmware	tools	9.0.0 – 10.3.22	—
vmware	vmware_esxi	—	—
vmware	vmware_fusion	—	—
vmware	vmware_tools	—	—
vmware	vmware_vcenter_server	—	—
vmware	vmware_vsphere	—	—
vmware	vmware_workstation	—	—
vmware	workstation_player	—	—
vmware	workstation_player	>= 12.1.0 < 12.1.1	12.1.1
vmware	workstation_pro	—	—
vmware	workstation_pro	>= 12.1.0 < 12.1.1	12.1.1