a. ESXi, Workstation, and Fusion stack overflow via authenticated VNC session
VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session.
Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine’s .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
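Because the ESXi precondition is a per-VM configuration setting, the quickest defensive check is to audit every .vmx file for a VNC listener before worrying about the firewall rule. The following script is an added example, not VMware's code and not part of the advisory: it parses the `key = "value"` format of .vmx files and reports the VMs that have VNC switched on. The key names `RemoteDisplay.vnc.enabled` and `RemoteDisplay.vnc.port` are VMware's standard .vmx options, which the advisory itself does not spell out; the sample .vmx contents and VM names are constructed for the demonstration, and the datastore path in `audit_directory` is whatever you point it at.

```python
"""Audit .vmx files for an enabled VNC listener (the exploitation precondition
named in the advisory). Added example; assumes the standard VMware .vmx keys
RemoteDisplay.vnc.enabled / RemoteDisplay.vnc.port. Sample data is constructed."""
import re
from pathlib import Path

# A .vmx line is:  key = "value"   Keys are case-insensitive in practice,
# values are always double-quoted, '#' starts a comment.
_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lower-cased key: value} for every assignment line in a .vmx file."""
    cfg = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def vnc_enabled(cfg):
    """True if the VM exposes a VNC listener ("TRUE"/"true" both count)."""
    return cfg.get('remotedisplay.vnc.enabled', '').strip().lower() == 'true'


def vnc_listener(cfg):
    """Summarise the VNC settings of one parsed .vmx for a report.
    The port is reported only if explicitly set; no default is assumed."""
    return {
        'enabled': vnc_enabled(cfg),
        'port': cfg.get('remotedisplay.vnc.port'),
    }


def audit(vmx_texts):
    """vmx_texts: {vm name: .vmx file contents}. Returns sorted names with VNC on."""
    return sorted(name for name, text in vmx_texts.items()
                  if vnc_enabled(parse_vmx(text)))


def audit_directory(root):
    """Walk a directory (e.g. a mounted datastore) for *.vmx files and audit them."""
    files = {str(p): p.read_text(errors='replace') for p in Path(root).rglob('*.vmx')}
    return audit(files)


# Constructed sample .vmx contents (not real VMs).
SAMPLE_VMX = {
    'web01.vmx': '.encoding = "UTF-8"\nconfig.version = "8"\n'
                 'RemoteDisplay.vnc.enabled = "TRUE"\nRemoteDisplay.vnc.port = "5901"\n',
    'db01.vmx': 'config.version = "8"\nRemoteDisplay.vnc.enabled = "FALSE"\n',
    'build01.vmx': '# VNC set by hand for console access\n'
                   'remotedisplay.vnc.enabled = "true"\n',
    'plain01.vmx': 'config.version = "8"\ndisplayName = "plain01"\n',
}

if __name__ == '__main__':
    for name in audit(SAMPLE_VMX):
        info = vnc_listener(parse_vmx(SAMPLE_VMX[name]))
        print(f'{name}: VNC enabled, port={info["port"] or "(not set)"}')
```

On an ESXi host the same check is run against the datastore tree (for instance `audit_directory('/vmfs/volumes')`); a VM reported here is a candidate for applying the fix from the remediation table below, or for disabling VNC and removing the firewall exception if the listener is not needed.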
VMware would like to thank Lilith Wyatt and another member of Cisco Talos for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4941 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.