CVE-2017-4939Untrusted Search Path in Vmware Workstation

CWE-426Untrusted Search Path3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 59.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Workstation
Timeline
PublishedNov 17
Latest updateMay 17

Description

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5vmware/workstation12.x before 12.5.8
NVDvmware/workstation11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-xpc2-x3mg-53cv: VMware Workstation (122022-05-17
CVEList
CVE-2017-4939: VMware Workstation (122017-11-17
CVE-2017-4939 — Untrusted Search Path in Vmware | cvebase