Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7084

CWE-119Buffer Overflow4 documents4 sources
Severity
7.8HIGH
EPSS
0.7%
top 29.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Vmware Workstation PlayerVmware Workstation PRO
Timeline
PublishedDec 29
Latest updateMay 17

Description

tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

NVDvmware/workstation_player4 versions+3
NVDvmware/workstation_pro4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-49hp-q4w9-2gpc: tpview2022-05-17
CVEList
CVE-2016-7084: tpview2016-12-29

💥Exploits & PoCs

1
Exploit-DB
VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions2016-09-19
CVE-2016-7084 (HIGH CVSS 7.8) | tpview.dll in VMware Workstation Pr | cvebase.io