CVE-2016-7461

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
vmwarefusion
8.0.0
vmwarefusion
8.0.1
vmwarefusion
8.0.2
vmwarefusion
8.1.0
vmwarefusion
8.1.1
vmwarefusion
8.5.0
vmwarefusion
8.5.1
vmwarefusion_pro
8.0.0
vmwarefusion_pro
8.0.1
vmwarefusion_pro
8.0.2
vmwarefusion_pro
8.1.0
vmwarefusion_pro
8.1.1
vmwarefusion_pro
8.5.0
vmwarefusion_pro
8.5.1
vmwareworkstation_player
12.0.0
vmwareworkstation_player
12.0.1
vmwareworkstation_player
12.1.0
vmwareworkstation_player
12.1.1
vmwareworkstation_player
12.5.0
vmwareworkstation_player
12.5.1
vmwareworkstation_pro
12.0.0
vmwareworkstation_pro
12.0.1
vmwareworkstation_pro
12.1.0
vmwareworkstation_pro
12.1.1
vmwareworkstation_pro
12.5.0
vmwareworkstation_pro
12.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94280
http://www.securitytracker.com/id/1037282
http://www.vmware.com/security/advisories/VMSA-2016-0019.html
http://www.securityfocus.com/bid/94280
http://www.securitytracker.com/id/1037282
http://www.vmware.com/security/advisories/VMSA-2016-0019.html