VMware Workstation and Fusion updates address out-of-bounds memory access vulnerability

2017-03-1400:00:00

www.vmware.com

504

0.004 Low

EPSS

Percentile

73.7%

JSON

a. VMware Workstation and Fusion out-of-bounds memory access vulnerability

The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

Workaround On Workstation Pro and Fusion, the issue cannot be exploited if both the drag-and-drop function and the copy-and-paste (C&P;) function are disabled. Refer to the Reference section on documentation how to disable these functions. This workaround is not available on Workstation Player. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4901 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

CPENameOperatorVersion
workstation prolt12.5.4
workstation playerlt12.5.4
fusion pro, fusionlt8.5.5

Name	Operator	Version
workstation pro	lt	12.5.4
workstation player	lt	12.5.4
fusion pro, fusion	lt	8.5.5

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4901

pubs.vmware.com/fusion-8/topic/com.vmware.ICbase/PDF/fusion-8-user-guide.pdf

pubs.vmware.com/workstation-12/topic/com.vmware.ICbase/PDF/workstation-pro-12-user-guide.pdf

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for VMSA-2017-0005