CVE-2016-7085

Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
vmwareworkstation_player
12.0.0
vmwareworkstation_player
12.0.1
vmwareworkstation_player
12.1.0
vmwareworkstation_player
12.1.1
vmwareworkstation_pro
12.0.0
vmwareworkstation_pro
12.0.1
vmwareworkstation_pro
12.1.0
vmwareworkstation_pro
12.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92940
http://www.securitytracker.com/id/1036805
http://www.vmware.com/security/advisories/VMSA-2016-0014.html
http://www.securityfocus.com/bid/92940
http://www.securitytracker.com/id/1036805
http://www.vmware.com/security/advisories/VMSA-2016-0014.html