Vulnerability CVE-2016-7461
Published: 2016-12-29

Description:
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Vmware -> Fusion pro 
Vmware -> Workstation player 
Vmware -> Fusion 
Vmware -> Workstation pro 

 References:
http://www.securityfocus.com/bid/94280
http://www.securitytracker.com/id/1037282
http://www.vmware.com/security/advisories/VMSA-2016-0019.html
Copyright 2024, cxsecurity.com

 

Back to Top