Executive Summary
Summary | |
---|---|
Title | VMware Workstation update addresses multiple security issues |
Information | |||
---|---|---|---|
Name | VMSA-2017-0003 | First vendor Publication | 2017-03-09 |
Vendor | VMware | Last vendor Modification | 2017-03-09 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
a. VMware Workstation DLL loading vulnerability

VMware Workstation Pro/Player contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.

VMware would like to thank Ivil for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4898 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

b. VMware Workstation SVGA driver vulnerability

VMware Workstation Pro/Player contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read.

Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.

VMware would like to thank Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4899 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

c. VMware Workstation NULL pointer dereference vulnerability

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

VMware would like to thank Saar Amar (@AmarSaar) for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4900 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2017-0003.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-476 | NULL Pointer Dereference |
50 % | CWE-125 | Out-of-bounds Read |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-03-20 | Name : A virtualization application installed on the remote host is affected by mult... File : vmware_workstation_multiple_vmsa_2017_0003.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2017-06-13 21:24:14 |
|
2017-06-13 17:22:27 |
|
2017-06-08 00:24:29 |
|
2017-03-21 13:25:55 |
|
2017-03-10 05:23:08 |
|