Vulnerabilities fixed in several VMware products

VMWare has fixed several vulnerabilities in its products: VMware Workspace ONE Access and Identity Manager, VMware ESXi, VMware Workstation Pro / Player, VMware Fusion Pro / Fusion, VMware Cloud Foundation and VMware vRealize Impact A malicious party could potentially exploit the vulnerabilities ...

Vmware VMware Workstation 缓冲区错误漏洞

Vmware VMware Workstation and VMware Workstation Player are both products of Vmware, Inc.VMware Workstation is a set of virtual machine software. VMware Workstation is a suite of virtual machine software that provides the ability to run multiple virtual machines with different operating systems a...

VMware Workstation / Player < 12.5.5 - Local Privilege Escalation Exploit

Exploit for multiple platform in category local exploits !/bin/bash VMware Workstation Local Privilege Escalation exploit CVE-2017-4915 - https://www.vmware.com/security/advisories/VMSA-2017-0009.html - https://www.exploit-db.com/exploits/42045/ Affects: - VMware Workstation Player...

CVE-2017-4905

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x...

CVE-2017-4898

VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in th...

VMware Workstation Pro for Linux and VMware Workstation Player for Linux Elevation of Privilege Vulnerability

VMware Workstation Pro for Linux and VMware Workstation Player for Linux are both Linux-based virtual machine software products from VMware.VMware Workstation Pro for Linux is one of the VMware Workstation Pro for Linux is one of the professional editions; VMware Workstation Player for Linux is a...

VMware Workstation Pro for Windows and VMware Workstation Player for Windows vstor2 Driver Denial of Service Vulnerability

VMware Workstation Pro for Windows and VMware Workstation Player for Windows are both Windows-based virtual machine software products from VMware. vMware Workstation Pro for Windows is one of the professional editions; VMware Workstation Player for Windows is a free, open-source and simple virtua...

VMware Workstation Code Execution And DoS Vulnerabilities (Apr 2017) - Windows

VMware Workstation Player is prone to code execution and denial-of-service vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

KLA11037 Arbitrary code execution vulnerability in VMware products

An out-of-bounds memory access vulnerability in the DnD drag-and-drop function was found in VMware Workstation Pro and VMware Workstation Player. By exploiting this vulnerability malicious users can execute arbitrary code on the operating system running VMware Workstation Pro or VMware Workstatio...

VMware Workstation Player Multiple Code Execution Vulnerabilities (Feb 2017) - Windows

VMware Workstation Player is prone to multiple code execution vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

VMware Workstation Player 'DnD' Out-of-Bounds Access Vulnerability - Windows

VMware Workstation Player is prone to an out-of-bounds memory access vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

VMware Workstation Player 'DnD' Out-of-Bounds Access Vulnerability - Linux

VMware Workstation Player is prone to an out-of-bounds memory access vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2016-7461

The drag-and-drop aka DnD function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service out-of-bounds memory acces...

CVE-2016-7085

Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory...

Memory corruption

tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service host OS memory corruption via a JPEG...

Arbitrary file deletion

The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory...

CVE-2016-7085

CVE-2016-7085 describes an untrusted search path vulnerability in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, enabling local privilege escalation via a Trojan horse DLL placed in an unspecified directory. The initial description states th...

CVE-2016-7082

CVE-2016-7082 affects VMware Workstation Pro 12.x and Workstation Player 12.x on Windows prior to 12.5.0 when Cortado ThinPrint virtual printing is enabled. The issue stems from improper handling of EMF files in tpview.dll, causing memory corruption and enabling arbitrary code execution on the ho...

CVE-2016-7086

The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory...

KLA10933 Multiple vulnerabilities in VMware Workstation Pro and VMware Workstation Player

Multiple serious vulnerabilities have been found in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0. Malicious users can exploit these vulnerabilities to gain priveleges, execute arbitrary code or cause a denial of service. Below is a complete list of...