VMware Workstation Pro vulnerabilities

42 known vulnerabilities affecting vmware/workstation_pro.

Total CVEs: 42
CISA KEV: 0
Public exploits: 8
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 27, MEDIUM 12, LOW 1

Vulnerabilities

Page 2 of 3
CVE-2017-4925 | MEDIUM | CVSS 5.5 | ≥ 12.0.0, < 12.5.3 | 2017-09-15
CWE-476: VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow a
Source: nvd
CVE-2017-4902 | HIGH | CVSS 8.8 | ≥ 12.0.0, < 12.5.5 | 2017-06-07
CWE-119: VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
Sources: nvd, vmware
CVE-2017-4898 | HIGH | CVSS 8.8 | v12.0.0, v12.0.1, +4 more | 2017-06-07
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
Sources: nvd, vmware
CVE-2017-4904 | HIGH | CVSS 8.8 | ≥ 12.0.0, < 12.5.5 | 2017-06-07
CWE-119: The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized
Source: nvd
CVE-2017-4903 | HIGH | CVSS 8.8 | ≥ 12.0.0, < 12.5.5 | 2017-06-07
CWE-119: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage
Source: nvd
CVE-2017-4905 | MEDIUM | CVSS 5.5 | PoC | ≥ 12.0.0, < 12.5.5 | 2017-06-07
CWE-908: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issu
Source: nvd
CVE-2017-4899 | MEDIUM | CVSS 4.7 | v12.0.0, v12.0.1, +3 more | 2017-06-07
CWE-125: VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.
Source: nvd
CVE-2017-4900 | MEDIUM | CVSS 5.5 | v12.0.0, v12.0.1, +4 more | 2017-06-07
CWE-476: VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Source: nvd
CVE-2017-4915 | HIGH | CVSS 7.8 | PoC | v12.0.0 | 2017-05-22
CWE-863: VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
Sources: nvd, vmware
CVE-2017-4916 | MEDIUM | CVSS 6.5 | PoC | v12.0.0 | 2017-05-22
CWE-476: VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.
Source: nvd
CVE-2017-4907 | CRITICAL | CVSS 9.8 | 2017-04-18
VMSA-2017-0008: VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities. a. Unified Access Gateway and Horizon View heap buffer-overflow vulnerability. VMware Unified Access Gateway and Horizon View contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security ga
Source: vmware
CVE-2017-4901 | CRITICAL | CVSS 9.9 | PoC | 2017-03-14
VMSA-2017-0005: VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability. a. VMware Workstation and Fusion out-of-bounds memory access vulnerability. The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs
Source: vmware
CVE-2016-7083 | HIGH | CVSS 7.8 | PoC | v12.0.0, v12.0.1, +2 more | 2016-12-29
CWE-119: VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
Source: nvd
CVE-2016-7081 | HIGH | CVSS 7.8 | v12.0.0, v12.0.1, +2 more | 2016-12-29
CWE-119: Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
Source: nvd
CVE-2016-7461 | HIGH | CVSS 8.8 | v12.0.0, v12.0.1, +4 more | 2016-12-29
CWE-119: The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
Sources: nvd, vmware
CVE-2016-7086 | HIGH | CVSS 7.8 | v12.0.0, v12.0.1, +2 more | 2016-12-29
CWE-264: The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory.
Source: nvd
CVE-2016-7084 | HIGH | CVSS 7.8 | PoC | v12.0.0, v12.0.1, +2 more | 2016-12-29
CWE-119: tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
Source: nvd
CVE-2016-7082 | HIGH | CVSS 7.8 | v12.0.0, v12.0.1, +2 more | 2016-12-29
CWE-119: VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file.
Source: nvd
CVE-2016-7085 | HIGH | CVSS 7.8 | v12.0.0, v12.0.1, +2 more | 2016-12-29
CWE-426: Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Source: nvd
CVE-2016-7079 | HIGH | CVSS 7.8 | 2016-09-13
VMSA-2016-0014: VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues. a. VMware Workstation heap-based buffer overflow vulnerabilities via Cortado ThinPrint. VMware Workstation contains vulnerabilities that may allow a Windows-based Virtual Machine (VM) to trigger a heap-based buffer overflow. Exploitation of these issues may lead to arbitrary code execution in
Source: vmware