Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7083

CWE-119Buffer Overflow4 documents4 sources
Severity
7.8HIGH
EPSS
0.3%
top 42.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Vmware Workstation PlayerVmware Workstation PRO
Timeline
PublishedDec 29
Latest updateMay 17

Description

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

NVDvmware/workstation_player4 versions+3
NVDvmware/workstation_pro4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-gjp3-fqv5-xh2f: VMware Workstation Pro 122022-05-17
CVEList
CVE-2016-7083: VMware Workstation Pro 122016-12-29

💥Exploits & PoCs

1
Exploit-DB
VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)2016-09-19
CVE-2016-7083 (HIGH CVSS 7.8) | VMware Workstation Pro 12.x before | cvebase.io