Lucene search

[email protected]CVE-2016-7083

HistoryDec 29, 2016 - 9:59 a.m.

CVE-2016-7083

2016-12-2909:59:00

CWE-119

[email protected]

web.nvd.nist.gov

vmware

workstation

pro

player

12.x

12.5.0

windows

arbitrary code execution

denial of service

truetype fonts

emfspool

5.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.

Affected configurations

NVD

Node

vmwareworkstation_playerMatch12.0.0

vmwareworkstation_playerMatch12.0.1

vmwareworkstation_playerMatch12.1.0

vmwareworkstation_playerMatch12.1.1

vmwareworkstation_proMatch12.0.0

vmwareworkstation_proMatch12.0.1

vmwareworkstation_proMatch12.1.0

vmwareworkstation_proMatch12.1.1

AND

microsoftwindows

CPENameOperatorVersion
vmware:workstation_playervmware workstation playereq12.0.0
vmware:workstation_playervmware workstation playereq12.0.1
vmware:workstation_playervmware workstation playereq12.1.0
vmware:workstation_playervmware workstation playereq12.1.1
vmware:workstation_provmware workstation proeq12.0.0
vmware:workstation_provmware workstation proeq12.0.1
vmware:workstation_provmware workstation proeq12.1.0
vmware:workstation_provmware workstation proeq12.1.1

CPE	Name	Operator	Version
vmware:workstation_player	vmware workstation player	eq	12.0.0
vmware:workstation_player	vmware workstation player	eq	12.0.1
vmware:workstation_player	vmware workstation player	eq	12.1.0
vmware:workstation_player	vmware workstation player	eq	12.1.1
vmware:workstation_pro	vmware workstation pro	eq	12.0.0
vmware:workstation_pro	vmware workstation pro	eq	12.0.1
vmware:workstation_pro	vmware workstation pro	eq	12.1.0
vmware:workstation_pro	vmware workstation pro	eq	12.1.1

References

www.securityfocus.com/bid/92934

www.securitytracker.com/id/1036805

www.vmware.com/security/advisories/VMSA-2016-0014.html

www.exploit-db.com/exploits/40398/

Social References

5.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

Related for CVE-2016-7083

nvd1 prion1 zdt1 cvelist1 openvas3 nessus2 vmware2