CVE-2017-4901

EUVD-2017-14018
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
vmwarefusion
8.0.0
vmwarefusion
8.0.1
vmwarefusion
8.0.2
vmwarefusion
8.1.0
vmwarefusion
8.1.1
vmwarefusion
8.5.0
vmwarefusion
8.5.1
vmwarefusion
8.5.2
vmwarefusion
8.5.3
vmwarefusion
8.5.4
vmwareworkstation
12.0
vmwareworkstation
12.0.1
vmwareworkstation
12.1
vmwareworkstation
12.1.1
vmwareworkstation
12.5
vmwareworkstation
12.5.1
vmwareworkstation
12.5.2
vmwareworkstation
12.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/96881
http://www.securitytracker.com/id/1038025
https://www.vmware.com/security/advisories/VMSA-2017-0005.html
http://www.securityfocus.com/bid/96881
http://www.securitytracker.com/id/1038025
https://www.vmware.com/security/advisories/VMSA-2017-0005.html