Search...

VMware Workstation 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0018)

2017-11-29T00:00:00

ID VMWARE_WORKSTATION_WIN_VMSA_2017_0018.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-03-02T00:00:00

Description

The version of VMware Workstation installed on the remote Windows host is 12.x prior to 12.5.8. It is, therefore, affected by multiple vulnerabilities including arbitrary code execution and a local DoS.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(104853);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id(
    "CVE-2017-4934",
    "CVE-2017-4935",
    "CVE-2017-4936",
    "CVE-2017-4937",
    "CVE-2017-4938",
    "CVE-2017-4939"
  );
  script_bugtraq_id(
    101887,
    101890,
    101892,
    101903
  );
  script_xref(name:"VMSA", value:"2017-0018");
  script_xref(name:"ZDI", value:"ZDI-17-921");
  script_xref(name:"ZDI", value:"ZDI-17-922");

  script_name(english:"VMware Workstation 12.x &lt; 12.5.8 Multiple Vulnerabilities (VMSA-2017-0018)");
  script_summary(english:"Checks the VMware Workstation version.");

  script_set_attribute(attribute:"synopsis", value:
"A virtualization application installed on the remote Windows host is
affected by a guest-to-host arbitrary code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of VMware Workstation installed on the remote Windows host
is 12.x prior to 12.5.8. It is, therefore, affected by multiple
vulnerabilities including arbitrary code execution and a local DoS.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2017-0018.html");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-17-921/");
  script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-17-922/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Workstation version 12.5.8 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-4934");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_workstation_detect.nasl");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/VMware Workstation");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");


get_kb_item_or_exit("SMB/Registry/Enumerated");

appname = 'VMware Workstation';

install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);
version = install['version'];
path = install['path'];

fix = '';
if (version =~ "^12\.") fix = "12.5.8";

if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) &lt; 0)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  report =
    '\n  Path              : ' + path +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix + '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

JSON Vulners Source

Initial Source

{"id": "VMWARE_WORKSTATION_WIN_VMSA_2017_0018.NASL", "bulletinFamily": "scanner", "title": "VMware Workstation 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0018)", "description": "The version of VMware Workstation installed on the remote Windows host\nis 12.x prior to 12.5.8. It is, therefore, affected by multiple\nvulnerabilities including arbitrary code execution and a local DoS.", "published": "2017-11-29T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/104853", "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-17-921/", "http://www.zerodayinitiative.com/advisories/ZDI-17-922/", "https://www.vmware.com/security/advisories/VMSA-2017-0018.html"], "cvelist": ["CVE-2017-4934", "CVE-2017-4938", "CVE-2017-4937", "CVE-2017-4935", "CVE-2017-4939", "CVE-2017-4936"], "type": "nessus", "lastseen": "2021-03-01T07:49:30", "edition": 29, "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA11143"]}, {"type": "vmware", "idList": ["VMSA-2017-0018"]}, {"type": "cve", "idList": ["CVE-2017-4937", "CVE-2017-4939", "CVE-2017-4934", "CVE-2017-4935", "CVE-2017-4938", "CVE-2017-4936"]}, {"type": "nessus", "idList": ["MACOSX_FUSION_VMSA_2017_0018.NASL", "VMWARE_HORIZON_VIEW_CLIENT_VMSA_2017_0018.NASL"]}, {"type": "zdi", "idList": ["ZDI-17-922", "ZDI-17-921"]}], "modified": "2021-03-01T07:49:30", "rev": 2}, "score": {"value": 8.3, "vector": "NONE", "modified": "2021-03-01T07:49:30", "rev": 2}, "vulnersScore": 8.3}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104853);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-4934\",\n \"CVE-2017-4935\",\n \"CVE-2017-4936\",\n \"CVE-2017-4937\",\n \"CVE-2017-4938\",\n \"CVE-2017-4939\"\n );\n script_bugtraq_id(\n 101887,\n 101890,\n 101892,\n 101903\n );\n script_xref(name:\"VMSA\", value:\"2017-0018\");\n script_xref(name:\"ZDI\", value:\"ZDI-17-921\");\n script_xref(name:\"ZDI\", value:\"ZDI-17-922\");\n\n script_name(english:\"VMware Workstation 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0018)\");\n script_summary(english:\"Checks the VMware Workstation version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization application installed on the remote Windows host is\naffected by a guest-to-host arbitrary code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Workstation installed on the remote Windows host\nis 12.x prior to 12.5.8. It is, therefore, affected by multiple\nvulnerabilities including arbitrary code execution and a local DoS.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2017-0018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-17-921/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-17-922/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Workstation version 12.5.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-4934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:workstation\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_workstation_detect.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/VMware Workstation\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\nappname = 'VMware Workstation';\n\ninstall = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nfix = '';\nif (version =~ \"^12\\.\") fix = \"12.5.8\";\n\nif (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix + '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "naslFamily": "Windows", "pluginID": "104853", "cpe": ["cpe:/a:vmware:workstation"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}

{"kaspersky": [{"lastseen": "2020-09-02T11:55:51", "bulletinFamily": "info", "cvelist": ["CVE-2017-4934", "CVE-2017-4938", "CVE-2017-4937", "CVE-2017-4935", "CVE-2017-4939", "CVE-2017-4936"], "description": "### *Detect date*:\n11/16/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in VMware Workstation, Fusion and Horizon View Client. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or bypass security restrictions.\n\n### *Affected products*:\nVMware Workstation 12.x earlier than 12.5.8 \nVMware Fusion 8.x earlier than 8.5.9 \nVMware Horizon View Client for Windows 4.x earlier than 4.6.1\n\n### *Solution*:\nUpdate to latest version \n[Vmware Products](<https://my.vmware.com/web/vmware/downloads>)\n\n### *Original advisories*:\n[VMSA-2017-0018](<https://www.vmware.com/security/advisories/VMSA-2017-0018.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[VMware Workstation](<https://threats.kaspersky.com/en/product/VMware-Workstation/>)\n\n### *CVE-IDS*:\n[CVE-2017-4934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4934>)7.2High \n[CVE-2017-4935](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4935>)6.9High \n[CVE-2017-4936](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4936>)6.9High \n[CVE-2017-4937](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4937>)6.9High \n[CVE-2017-4938](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4938>)2.1Warning \n[CVE-2017-4939](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4939>)6.8High", "edition": 40, "modified": "2020-05-22T00:00:00", "published": "2017-11-16T00:00:00", "id": "KLA11143", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11143", "title": "\r KLA11143Multiple vulnerabilities in VMware Workstation, Fusion and Horizon View Client ", "type": "kaspersky", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-4934", "CVE-2017-4938", "CVE-2017-4937", "CVE-2017-4935", "CVE-2017-4939", "CVE-2017-4936"], "description": "\n", "edition": 6, "modified": "2017-11-17T00:00:00", "published": "2017-11-16T00:00:00", "id": "VMSA-2017-0018", "href": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html", "title": "VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities", "type": "vmware", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:36:46", "description": "VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.", "edition": 4, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2017-11-17T14:29:00", "title": "CVE-2017-4938", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-4938"], "modified": "2017-12-04T16:06:00", "cpe": ["cpe:/a:vmware:fusion:8.0.0", "cpe:/a:vmware:workstation:12.0.1", "cpe:/a:vmware:fusion:8.5.1", "cpe:/a:vmware:workstation:12.5.1", "cpe:/a:vmware:fusion:8.5.3", "cpe:/a:vmware:fusion:8.5.4", "cpe:/a:vmware:workstation:12.5.6", "cpe:/a:vmware:workstation:12.5.4", "cpe:/a:vmware:workstation:12.0.0", "cpe:/a:vmware:workstation:12.5.7", "cpe:/a:vmware:workstation:12.5.5", "cpe:/a:vmware:workstation:12.1.1", "cpe:/a:vmware:fusion:8.5.0", "cpe:/a:vmware:fusion:8.0.2", "cpe:/a:vmware:fusion:8.1.1", "cpe:/a:vmware:workstation:12.5.2", "cpe:/a:vmware:fusion:8.5.5", "cpe:/a:vmware:fusion:8.5.7", "cpe:/a:vmware:fusion:8.5.2", "cpe:/a:vmware:fusion:8.0.1", "cpe:/a:vmware:fusion:8.1.0", "cpe:/a:vmware:workstation:12.5", "cpe:/a:vmware:fusion:8.5.6", "cpe:/a:vmware:fusion:8.5.8", "cpe:/a:vmware:workstation:12.5.3", "cpe:/a:vmware:workstation:12.1"], "id": "CVE-2017-4938", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4938", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:46", "description": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.", "edition": 4, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-11-17T14:29:00", "title": "CVE-2017-4937", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-4937"], "modified": "2017-12-04T16:08:00", "cpe": ["cpe:/a:vmware:workstation:12.0.1", "cpe:/a:vmware:workstation:12.5.1", "cpe:/a:vmware:workstation:12.5.6", "cpe:/a:vmware:workstation:12.5.4", "cpe:/a:vmware:horizon_view:4.0.0", "cpe:/a:vmware:workstation:12.0.0", "cpe:/a:vmware:workstation:12.5.7", "cpe:/a:vmware:workstation:12.5.5", "cpe:/a:vmware:workstation:12.1.1", "cpe:/a:vmware:horizon_view:4.5", "cpe:/a:vmware:workstation:12.5.2", "cpe:/a:vmware:horizon_view:4.0.1", "cpe:/a:vmware:horizon_view:4.4", "cpe:/a:vmware:horizon_view:4.1", "cpe:/a:vmware:horizon_view:4.2", "cpe:/a:vmware:horizon_view:4.6", "cpe:/a:vmware:workstation:12.5", "cpe:/a:vmware:horizon_view:4.3", "cpe:/a:vmware:workstation:12.5.3", "cpe:/a:vmware:workstation:12.1"], "id": "CVE-2017-4937", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4937", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.5:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.6:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.4:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:46", "description": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.", "edition": 4, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-11-17T14:29:00", "title": "CVE-2017-4936", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-4936"], "modified": "2017-12-04T16:10:00", "cpe": ["cpe:/a:vmware:workstation:12.0.1", "cpe:/a:vmware:workstation:12.5.1", "cpe:/a:vmware:workstation:12.5.6", "cpe:/a:vmware:workstation:12.5.4", "cpe:/a:vmware:horizon_view:4.0.0", "cpe:/a:vmware:workstation:12.0.0", "cpe:/a:vmware:workstation:12.5.7", "cpe:/a:vmware:workstation:12.5.5", "cpe:/a:vmware:workstation:12.1.1", "cpe:/a:vmware:horizon_view:4.5", "cpe:/a:vmware:workstation:12.5.2", "cpe:/a:vmware:horizon_view:4.0.1", "cpe:/a:vmware:horizon_view:4.4", "cpe:/a:vmware:horizon_view:4.1", "cpe:/a:vmware:horizon_view:4.2", "cpe:/a:vmware:horizon_view:4.6", "cpe:/a:vmware:workstation:12.5", "cpe:/a:vmware:horizon_view:4.3", "cpe:/a:vmware:workstation:12.5.3", "cpe:/a:vmware:workstation:12.1"], "id": "CVE-2017-4936", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4936", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.5:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.6:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.4:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:46", "description": "VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-17T21:29:00", "title": "CVE-2017-4939", "type": "cve", "cwe": ["CWE-426"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-4939"], "modified": "2017-12-03T17:38:00", "cpe": ["cpe:/a:vmware:workstation:12.0.1", "cpe:/a:vmware:workstation:12.5.1", "cpe:/a:vmware:workstation:12.5.6", "cpe:/a:vmware:workstation:12.5.4", "cpe:/a:vmware:workstation:12.5.0", "cpe:/a:vmware:workstation:12.0.0", "cpe:/a:vmware:workstation:12.5.7", "cpe:/a:vmware:workstation:12.5.5", "cpe:/a:vmware:workstation:12.1.1", "cpe:/a:vmware:workstation:12.5.2", "cpe:/a:vmware:workstation:12.5.3"], "id": "CVE-2017-4939", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4939", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:46", "description": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.", "edition": 4, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-11-17T14:29:00", "title": "CVE-2017-4935", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-4935"], "modified": "2017-12-03T17:36:00", "cpe": ["cpe:/a:vmware:workstation:12.0.1", "cpe:/a:vmware:workstation:12.5.1", "cpe:/a:vmware:workstation:12.5.6", "cpe:/a:vmware:workstation:12.5.4", "cpe:/a:vmware:horizon_view:4.0.0", "cpe:/a:vmware:workstation:12.0.0", "cpe:/a:vmware:workstation:12.5.7", "cpe:/a:vmware:workstation:12.5.5", "cpe:/a:vmware:workstation:12.1.1", "cpe:/a:vmware:horizon_view:4.5", "cpe:/a:vmware:workstation:12.5.2", "cpe:/a:vmware:horizon_view:4.0.1", "cpe:/a:vmware:horizon_view:4.4", "cpe:/a:vmware:horizon_view:4.1", "cpe:/a:vmware:horizon_view:4.2", "cpe:/a:vmware:horizon_view:4.6", "cpe:/a:vmware:workstation:12.5", "cpe:/a:vmware:horizon_view:4.3", "cpe:/a:vmware:workstation:12.5.3", "cpe:/a:vmware:workstation:12.1"], "id": "CVE-2017-4935", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4935", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.5:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.6:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:horizon_view:4.4:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:windows:*:*", "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:46", "description": "VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.", "edition": 4, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-11-17T14:29:00", "title": "CVE-2017-4934", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-4934"], "modified": "2017-12-03T17:36:00", "cpe": ["cpe:/a:vmware:fusion:8.0.0", "cpe:/a:vmware:workstation:12.0.1", "cpe:/a:vmware:fusion:8.5.1", "cpe:/a:vmware:workstation:12.5.1", "cpe:/a:vmware:fusion:8.5.3", "cpe:/a:vmware:fusion:8.5.4", "cpe:/a:vmware:workstation:12.5.6", "cpe:/a:vmware:workstation:12.5.4", "cpe:/a:vmware:workstation:12.0.0", "cpe:/a:vmware:workstation:12.5.7", "cpe:/a:vmware:workstation:12.5.5", "cpe:/a:vmware:workstation:12.1.1", "cpe:/a:vmware:fusion:8.5.0", "cpe:/a:vmware:fusion:8.0.2", "cpe:/a:vmware:fusion:8.1.1", "cpe:/a:vmware:workstation:12.5.2", "cpe:/a:vmware:fusion:8.5.5", "cpe:/a:vmware:fusion:8.5.7", "cpe:/a:vmware:fusion:8.5.2", "cpe:/a:vmware:fusion:8.0.1", "cpe:/a:vmware:fusion:8.1.0", "cpe:/a:vmware:workstation:12.5", "cpe:/a:vmware:fusion:8.5.6", "cpe:/a:vmware:fusion:8.5.8", "cpe:/a:vmware:workstation:12.5.3", "cpe:/a:vmware:workstation:12.1"], "id": "CVE-2017-4934", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4934", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-03-01T03:48:14", "description": "The version of VMware Fusion installed on the remote macOS or Mac OS X\nhost is 8.x prior to 8.5.9. It is, therefore, affected by multiple\nvulnerabilities that allow arbitrary code execution or crashing of\nVMs.", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-29T00:00:00", "title": "VMware Fusion 8.x < 8.5.9 Multiple Vulnerabilities (VMSA-2017-0018) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-4934", "CVE-2017-4938", "CVE-2017-4939"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:vmware:fusion"], "id": "MACOSX_FUSION_VMSA_2017_0018.NASL", "href": "https://www.tenable.com/plugins/nessus/104851", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104851);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-4934\", \"CVE-2017-4938\", \"CVE-2017-4939\");\n script_bugtraq_id(101887, 101903);\n script_xref(name:\"VMSA\", value:\"2017-0018\");\n script_xref(name:\"ZDI\", value:\"ZDI-17-921\");\n script_xref(name:\"ZDI\", value:\"ZDI-17-922\");\n\n script_name(english:\"VMware Fusion 8.x < 8.5.9 Multiple Vulnerabilities (VMSA-2017-0018) (macOS)\");\n script_summary(english:\"Checks the VMware Fusion version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization application installed on the remote macOS or Mac OS X\nhost is affected by a code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Fusion installed on the remote macOS or Mac OS X\nhost is 8.x prior to 8.5.9. It is, therefore, affected by multiple\nvulnerabilities that allow arbitrary code execution or crashing of\nVMs.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/in/security/advisories/VMSA-2017-0018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-17-921/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-17-922/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Fusion version 8.5.9 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-4934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:fusion\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_fusion_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"installed_sw/VMware Fusion\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\ninstall = get_single_install(app_name:\"VMware Fusion\", exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nfix = '';\nif (version =~ \"^8\\.\") fix = '8.5.9';\n\nif (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VMware Fusion\", version, path);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:49:00", "description": "The version of VMware Horizon View Client installed on the remote host\nis 4.x prior to 4.6.1. It is, therefore, affected by multiple\nvulnerabilities including arbitrary code execution or a DoS.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 31, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-29T00:00:00", "title": "VMware Horizon View Client 4.x < 4.6.1 Multiple Vulnerabilities (VMSA-2017-0018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-4937", "CVE-2017-4935", "CVE-2017-4936"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:vmware:horizon_view_client"], "id": "VMWARE_HORIZON_VIEW_CLIENT_VMSA_2017_0018.NASL", "href": "https://www.tenable.com/plugins/nessus/104852", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104852);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-4935\", \"CVE-2017-4936\", \"CVE-2017-4937\");\n script_bugtraq_id(101902);\n script_xref(name:\"VMSA\", value:\"2017-0018\");\n script_xref(name:\"ZDI\", value:\"ZDI-17-922\");\n\n script_name(english:\"VMware Horizon View Client 4.x < 4.6.1 Multiple Vulnerabilities (VMSA-2017-0018)\");\n script_summary(english:\"Checks the VMware Horizon View Client version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization application installed on the remote host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware Horizon View Client installed on the remote host\nis 4.x prior to 4.6.1. It is, therefore, affected by multiple\nvulnerabilities including arbitrary code execution or a DoS.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2017-0018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-17-922/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware Horizon View Client 4.6.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-4937\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:horizon_view_client\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"vmware_horizon_view_client_installed.nbin\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/VMware Horizon View Client\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_info = vcf::get_app_info(app:\"VMware Horizon View Client\", win_local:TRUE);\n\nconstraints = [{ \"min_version\" : \"4\", \"fixed_version\" : \"4.6.1\" }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2020-06-22T11:40:40", "bulletinFamily": "info", "cvelist": ["CVE-2017-4935"], "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability. The specific flaw exists within JPEG2000 parsing. The process does not properly validate user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the host OS.", "edition": 2, "modified": "2017-06-22T00:00:00", "published": "2017-11-20T00:00:00", "id": "ZDI-17-922", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-922/", "type": "zdi", "title": "ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:39:58", "bulletinFamily": "info", "cvelist": ["CVE-2017-4934"], "description": "This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the NAT IP Fragment Reassembly. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to elevate privileges and execute arbitrary code under the context of SYSTEM in the host OS.", "edition": 2, "modified": "2017-06-22T00:00:00", "published": "2017-11-21T00:00:00", "id": "ZDI-17-921", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-921/", "type": "zdi", "title": "VMware Workstation NAT IP Fragment Reassembly Heap-based Buffer Overflow Privilege Escalation Vulnerability", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}

VMware Workstation 12.x &lt; 12.5.8 Multiple Vulnerabilities (VMSA-2017-0018)

Description

The version of VMware Workstation installed on the remote Windows host is 12.x prior to 12.5.8. It is, therefore, affected by multiple vulnerabilities including arbitrary code execution and a local DoS.

VMware Workstation 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0018)