CVE-2017-4900

EUVD-2017-14017
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
vmwareworkstation_player
12.0.0
vmwareworkstation_player
12.0.1
vmwareworkstation_player
12.1.0
vmwareworkstation_player
12.5.0
vmwareworkstation_player
12.5.1
vmwareworkstation_player
12.5.2
vmwareworkstation_pro
12.0.0
vmwareworkstation_pro
12.0.1
vmwareworkstation_pro
12.1.0
vmwareworkstation_pro
12.5.0
vmwareworkstation_pro
12.5.1
vmwareworkstation_pro
12.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/96770
http://www.securitytracker.com/id/1037979
http://www.vmware.com/security/advisories/VMSA-2017-0003.html
http://www.securityfocus.com/bid/96770
http://www.securitytracker.com/id/1037979
http://www.vmware.com/security/advisories/VMSA-2017-0003.html