Beschreibung
Multiple serious vulnerabilities have been found in VMware Workstation Pro and VMware Workstation Player. Malicious users can exploit these vulnerabilities to gain privileges or cause a denial of service.
Below is a complete list of vulnerabilities:
- A DLL loading vulnerability can be exploited remotely to gain privileges from normal to System in the host machine;
- An unspecified vulnerability in the SVGA driver can be exploited remotely to cause a denial of service on the virtual machine or out-of-bounds read.
- A NULL pointer dereference vulnerability in the SVGA driver can be exploited remotely by malicious users with normal privileges to cause a denial of service on their virtual machines.
Technical details
Vulnerability (1) is related to the „vmware-vmx“ process, which loads DLLs from a path defined in the local environment variable.
Vulnerability (2) can be exploited only in case the host does not have any graphics card or graphics drivers installed.
NB: These vulnerabilities do not have any public CVSS rating so rating can be changed by the time.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2017-4900 high
- CVE-2017-4899 high
- CVE-2017-4898 high
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com