CVE-2017-4901

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
vmwarefusion
8.0.0
vmwarefusion
8.0.1
vmwarefusion
8.0.2
vmwarefusion
8.1.0
vmwarefusion
8.1.1
vmwarefusion
8.5.0
vmwarefusion
8.5.1
vmwarefusion
8.5.2
vmwarefusion
8.5.3
vmwarefusion
8.5.4
vmwareworkstation
12.0
vmwareworkstation
12.0.1
vmwareworkstation
12.1
vmwareworkstation
12.1.1
vmwareworkstation
12.5
vmwareworkstation
12.5.1
vmwareworkstation
12.5.2
vmwareworkstation
12.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/96881
http://www.securitytracker.com/id/1038025
https://www.vmware.com/security/advisories/VMSA-2017-0005.html
http://www.securityfocus.com/bid/96881
http://www.securitytracker.com/id/1038025
https://www.vmware.com/security/advisories/VMSA-2017-0005.html