KLA10934
Arbitrary code execution and denial of service vulnerability in VMware products
Updated: 01/16/2017
CVSS
?
7.2
Detect date
?
12/29/2016
Severity
?
High
Description

An unspecified vulnerability was found in VMware Workstation Pro 12.x before 12.5.2, VMware Workstation Player 12.x before 12.5.2 and VMware Fusion, Fusion Pro 8.x before 8.5.2. By exploiting this vulnerability malicious users can execute arbitrary code on the host OS or cause a denial of service. This vulnerability can be exploited remotely via unspecified vectors.


Technical details

This vulnerability was found in the drag-and-drop (DnD) function.

Affected products

VMware Workstation Pro 12.x before 12.5.2
VMware Workstation Player 12.x before 12.5.2
VMware Fusion and Fusion Pro 8.x before 8.5.2

Solution

Update to the latest version
Get VMware products

Original advisories

VMSA-2016-0019

Impacts
?
ACE 
[?]

DoS 
[?]
Related products
VMware Workstation
VMware Player
VMware Fusion
CVE-IDS
?

CVE-2016-7461