CVE-2017-4898

EUVD-2017-14015
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
vmwareworkstation_player
12.0.0
vmwareworkstation_player
12.0.1
vmwareworkstation_player
12.1.0
vmwareworkstation_player
12.5.0
vmwareworkstation_player
12.5.1
vmwareworkstation_player
12.5.2
vmwareworkstation_pro
12.0.0
vmwareworkstation_pro
12.0.1
vmwareworkstation_pro
12.1.0
vmwareworkstation_pro
12.5.0
vmwareworkstation_pro
12.5.1
vmwareworkstation_pro
12.5.2
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/96772
http://www.securitytracker.com/id/1037979
http://www.vmware.com/security/advisories/VMSA-2017-0003.html
http://www.securityfocus.com/bid/96772
http://www.securitytracker.com/id/1037979
http://www.vmware.com/security/advisories/VMSA-2017-0003.html