KLA11037
Arbitrary code execution vulnerability in VMware products
Updated: 11/06/2018
CVSS
?
7.5
Detect date
?
03/14/2017
Severity
?
Critical
Description

An out-of-bounds memory access vulnerability in the DnD (drag-and-drop) function was found in VMware Workstation Pro and VMware Workstation Player. By exploiting this vulnerability malicious users can execute arbitrary code on the operating system running VMware Workstation Pro or VMware Workstation Player.

Affected products

VMware Workstation Pro 12.x before 12.5.4
VMware Workstation Player 12.x before 12.5.4

Solution

Update to the latest version
Download VMware Workstation Pro

Original advisories

VMware Security Advisory

Impacts
?
ACE 
[?]
Related products
VMware Workstation
VMware Player
CVE-IDS
?

CVE-2017-4901