a. Heap buffer-overflow vulnerability in VMNAT device
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the VMNAT device. This issue may allow a guest to execute code on the host.
VMware would like to thank Jun Mao of Tencent PC Manager working with Trend Micro’s Zero Day Initiative for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4934 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | workstation | lt | 12.5.8 |
| | fusion | lt | 8.5.9 |
| | horizon view client for windows | lt | 4.6.1 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4939
kb.vmware.com/kb/2078735
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
www.vmware.com/security/advisories
blogs.vmware.com/security
kb.vmware.com/kb/1055
my.vmware.com/web/vmware/details?downloadGroup=CART18FQ3_WIN_461&productId=578&rPId=18817
twitter.com/VMwareSRC
www.vmware.com/go/downloadfusion
www.vmware.com/go/downloadplayer
www.vmware.com/go/downloadworkstation
www.vmware.com/support/policies/lifecycle.html
www.vmware.com/support/policies/security_response.html
www.vmware.com/support/pubs/fusion_pubs.html
www.vmware.com/support/pubs/player_pubs.html
www.vmware.com/support/pubs/ws_pubs.html