Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-4901: Improper Restriction of Operations within the Bounds of a Memory Buffer in VMware Fusion Pro / Fusion

Severity: 9.9 CRITICAL (NVD)
EPSS: 14.1% (top 5.63%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: published Jun 8; latest update May 17

Description

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 | Impact: 6.0

Affected Packages (4 packages)

NVD: vmware/fusion (10 versions)
NVD: vmware/workstation (8 versions)
CVEListV5: vmware/fusion_pro_fusion, 8.x prior to 8.5.5
CVEListV5: vmware/workstation_pro_player, 12.x prior to 12.5.4

🔴 Vulnerability Details (2)

GHSA-8xg8-8x73-gmmx (GHSA, 2022-05-17): The drag-and-drop (DnD) function in VMware Workstation 12
CVE-2017-4901 (CVEList, 2017-06-08): The drag-and-drop (DnD) function in VMware Workstation 12

💥 Exploits & PoCs (2)

Exploit-DB (2019-06-06): VMware WorkStation 12.5.3 - Virtual Machine Escape
Exploit-DB (2017-08-08): VMware WorkStation 12.5.5 - Virtual Machine Escape
CVE-2017-4901 - VMware Fusion Pro / Fusion vulnerability | cvebase