Soluções para:
Produtos domésticos
Pequenas empresas
Empresas médias
Grandes empresas
Vulnerabilidades Ameaças
Início Vulnerabilidades

Multiple vulnerabilities in VMware Workstation and Player

Kaspersky ID:
KLA12098
Data de detecção:
06/23/2020
Atualizado:
01/28/2026

Descrição

Multiple vulnerabilities were found in VMware Workstation and Player. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. A out-of-bound read vulnerability in Shader Functionality can be exploited locally to cause denial of service.
  2. A information leak vulnerability in the EHCI USB controller can be exploited locally to obtain sensitive information.
  3. A heap overflow vulnerability in EHCI controller can be exploited locally to execute arbitrary code.
  4. A use after free vulnerability in SVGA device can be exploited locally to execute arbitrary code.
  5. A information leak vulnerability in the XHCI USB controller can be exploited locally to obtain sensitive information.
  6. A out of bounds write vulnerability in xHCI controller can be exploited locally to cause denial of service or execute arbitrary code.
  7. A heap overflow vulnerability in vmxnet3 can be exploited locally to obtain sensitive information.
  8. A heap overflow vulnerability in SVGA device can be exploited locally to execute arbitrary code.
  9. A use after free vulnerability in PVNVRAM can be exploited to obtain sensitive infromation.

Comunicados originais

Exploração

Public exploits exist for this vulnerability.

Produtos relacionados

Lista de CVE

  • CVE-2020-3970
    warning
  • CVE-2020-3964
    warning
  • CVE-2020-3966
    critical
  • CVE-2020-3962
    critical
  • CVE-2020-3965
    high
  • CVE-2020-3968
    critical
  • CVE-2020-3971
    high
  • CVE-2020-3967
    critical
  • CVE-2020-3969
    critical
  • CVE-2020-3963
    high

Saiba mais

Descubra as estatísticas das vulnerabilidades que se espalham em sua região statistics.securelist.com

Encontrou uma imprecisão na descrição desta vulnerabilidade? Avise-nos!
Kaspersky Next:
cibersegurança redefinida
Saber mais
Novo Kaspersky!
Sua vida dgital merece proteção completa!
Saber mais
Related articles
04 March 2026
Securelist
Mobile malware evolution in 2025
19 February 2026
Securelist
Arkanix Stealer: a C++ & Python infostealer
17 February 2026
Securelist
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
11 February 2026
Securelist
The game is over: when “free” comes at too high a price. What we know about RenEngine
11 February 2026
Securelist
Spam and phishing in 2025
05 February 2026
Securelist
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
Encontrou uma imprecisão na descrição desta vulnerabilidade?
Se você encontrou uma nova Ameaça ou Vulnerabilidade, por favor, nos avise por e-mail:
newvirus@kaspersky.com
Encontrou uma nova Ameaça ou Vulnerabilidade?
Se você encontrou uma nova Ameaça ou Vulnerabilidade, por favor, nos avise por e-mail:
newvirus@kaspersky.com
Soluções para
Produtos domésticos
Pequenas empresas
Empresas médias
Grandes empresas
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnerabilidade
Detect date
Nível de gravidade
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.