CVE-2016-7461

CWE-119Buffer Overflow3 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 69.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Vmware FusionVmware Fusion PROVmware Workstation Player+1 more
Timeline
PublishedDec 29
Latest updateMay 17

Description

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages4 packages

NVDvmware/workstation_player6 versions+5
NVDvmware/fusion7 versions+6
NVDvmware/fusion_pro7 versions+6
NVDvmware/workstation_pro6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-9cw2-r87q-mc5v: The drag-and-drop (aka DnD) function in VMware Workstation Pro 122022-05-17
CVEList
CVE-2016-7461: The drag-and-drop (aka DnD) function in VMware Workstation Pro 122016-12-29
CVE-2016-7461 (HIGH CVSS 8.8) | The drag-and-drop (aka DnD) functio | cvebase.io