Description
Multiple serious vulnerabilities have been found in VMware Workstation Pro and VMware Workstation Player. Malicious users can exploit these vulnerabilities to gain privileges or cause a denial of service.
Below is a complete list of vulnerabilities:
1. A DLL loading vulnerability can be exploited remotely to escalate privileges from normal user to System on the host machine.
2. An unspecified vulnerability in the SVGA driver can be exploited remotely to cause a denial of service on the virtual machine or an out-of-bounds read.
3. A NULL pointer dereference vulnerability in the SVGA driver can be exploited remotely by malicious users with normal privileges to cause a denial of service on their virtual machines.
Technical details
Vulnerability (1) is related to the “vmware-vmx” process, which loads DLLs from a path defined in a local environment variable.
Vulnerability (2) can be exploited only if the host does not have any graphics card or graphics drivers installed.
NB: These vulnerabilities do not have a public CVSS rating, so the rating may change over time.
CVE list
- CVE-2017-4900 (warning)
- CVE-2017-4899 (warning)
- CVE-2017-4898 (high)