Vmware Workstation vulnerabilities

CVE-2017-4938 [MEDIUM] CWE-476 CVE-2017-4938: VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL point VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

CVE-2017-4924 [HIGH] CWE-787 CVE-2017-4924: VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusi VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host.

CVE-2017-4925 [MEDIUM] CWE-476 CVE-2017-4925: VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESX VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow a

CVE-2017-4901 [CRITICAL] CWE-119 CVE-2017-4901: The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x bef The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

CVE-2017-4913 [HIGH] CWE-190 CVE-2017-4913: VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an in VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allo

CVE-2017-4911 [HIGH] CWE-787 CVE-2017-4911: VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multi VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may all

CVE-2017-4909 [HIGH] CWE-119 CVE-2017-4909: VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a hea VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may

CVE-2017-4912 [HIGH] CWE-125 CVE-2017-4912: VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multi VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, th

CVE-2017-4910 [HIGH] CWE-125 CVE-2017-4910: VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multi VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allo

CVE-2017-4908 [HIGH] CWE-119 CVE-2017-4908: VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multi VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may al

CVE-2016-2077 [CRITICAL] CWE-264 CVE-2016-2077: VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly acce VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

CVE-2015-6933 [MEDIUM] CWE-284 CVE-2015-6933: The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.

CVE-2015-3650 [HIGH] CWE-284 CVE-2015-3650: vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware P vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privile

CVE-2015-2341 [HIGH] CWE-20 CVE-2015-2341: VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.

CVE-2015-2336 [MEDIUM] CVE-2015-2336: TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors, a diffe

CVE-2015-2339 [MEDIUM] CVE-2015-2339: TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different

CVE-2015-2337 [MEDIUM] CWE-399 CVE-2015-2337: TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

CVE-2015-2338 [MEDIUM] CWE-399 CVE-2015-2338: TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a d

CVE-2015-2340 [MEDIUM] CWE-399 CVE-2015-2340: TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors.

CVE-2014-8370 [MEDIUM] CWE-264 CVE-2014-8370: VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0. VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.