KLA11037
Arbitrary code execution vulnerability in VMware products

Updated: 06/18/2020
Detect date
?
03/14/2017
Severity
?
Critical
Description

An out-of-bounds memory access vulnerability in the DnD (drag-and-drop) function was found in VMware Workstation Pro and VMware Workstation Player. By exploiting this vulnerability malicious users can execute arbitrary code on the operating system running VMware Workstation Pro or VMware Workstation Player.

Affected products

VMware Workstation Pro 12.x before 12.5.4
VMware Workstation Player 12.x before 12.5.4

Solution

Update to the latest version
Download VMware Workstation Pro

Original advisories

VMware Security Advisory

Impacts
?
ACE 
[?]
Related products
VMware Workstation
VMware Player
CVE-IDS
?
CVE-2017-49017.5Critical
Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Find out the statistics of the vulnerabilities spreading in your region