Arbitrary code execution vulnerability in VMware products

Description

An out-of-bounds memory access vulnerability in the DnD (drag-and-drop) function was found in VMware Workstation Pro and VMware Workstation Player. By exploiting this vulnerability malicious users can execute arbitrary code on the operating system running VMware Workstation Pro or VMware Workstation Player.

Original advisories

• VMware Security Advisory

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• VMware-Workstation
• VMware-Player

CVE list

• CVE-2017-4901
  critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com