CVE-2017-4941
published 2017-12-20CVE-2017-4941: VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | esxi | — | — |
| vmware | fusion | — | — |
| vmware | fusion | >= 8.0.0 < 8.5.9 | 8.5.9 |
| vmware | fusion_pro | — | — |
| vmware | vmware_esxi | — | — |
| vmware | vmware_fusion | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_workstation | — | — |
| vmware | vsphere | — | — |
| vmware | workstation | — | — |
| vmware | workstation | >= 12.0.0 < 12.5.8 | 12.5.8 |
| vmware | workstation_player | — | — |
| vmware | workstation_pro | — | — |