CVE-2016-7085

CWE-4263 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 65.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Workstation PlayerVmware Workstation PRO
Timeline
PublishedDec 29
Latest updateMay 17

Description

Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDvmware/workstation_player4 versions+3
NVDvmware/workstation_pro4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-q4gv-cxmr-2mr8: Untrusted search path vulnerability in the installer in VMware Workstation Pro 122022-05-17
CVEList
CVE-2016-7085: Untrusted search path vulnerability in the installer in VMware Workstation Pro 122016-12-29
CVE-2016-7085 (HIGH CVSS 7.8) | Untrusted search path vulnerability | cvebase.io