Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2017-06-07 |
| Product | Workstation Player | Last view | 2022-02-16 |
| Version | 12.5.2 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:vmware:workstation_player | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.7 | 2022-02-16 | CVE-2021-22040 | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
| 7.7 | 2020-10-20 | CVE-2020-3982 | VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. |
| 6.5 | 2020-09-16 | CVE-2020-3990 | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. |
| 3.3 | 2020-09-16 | CVE-2020-3989 | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. |
| 6.1 | 2020-09-16 | CVE-2020-3988 | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. |
| 6.1 | 2020-09-16 | CVE-2020-3987 | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. |
| 6.1 | 2020-09-16 | CVE-2020-3986 | VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMF Parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. |
| 5.3 | 2018-03-15 | CVE-2018-6957 | VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled. |
| 8.8 | 2017-06-07 | CVE-2017-4903 | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. |
| 8.8 | 2017-06-07 | CVE-2017-4902 | VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. |
| 5.5 | 2017-06-07 | CVE-2017-4900 | VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. |
| 8.8 | 2017-06-07 | CVE-2017-4898 | VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 30% (4) | CWE-125 | Out-of-bounds Read |
| 15% (2) | CWE-787 | Out-of-bounds Write |
| 15% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 7% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
| 7% (1) | CWE-476 | NULL Pointer Dereference |
| 7% (1) | CWE-416 | Use After Free |
| 7% (1) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 7% (1) | CWE-190 | Integer Overflow or Wraparound |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-11-16 | Name: A virtualisation application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2018_0008.nasl - Type: ACT_GATHER_INFO |
| 2017-03-31 | Name: The remote VMware ESXi 6.0 host is affected by multiple vulnerabilities. File: vmware_esxi_6_0_build_5251621_remote.nasl - Type: ACT_GATHER_INFO |
| 2017-03-31 | Name: The remote VMware ESXi 6.5 host is affected by multiple vulnerabilities. File: vmware_esxi_6_5_build_5224529_remote.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: The remote VMware ESXi host is missing one or more security-related patches. File: vmware_VMSA-2017-0006.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: A virtualization application installed on the remote Linux host is affected b... File: vmware_workstation_linux_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO |
| 2017-03-30 | Name: A virtualization application installed on the remote Windows host is affected... File: vmware_workstation_win_vmsa_2017_0006.nasl - Type: ACT_GATHER_INFO |
| 2017-03-20 | Name: A virtualization application installed on the remote host is affected by mult... File: vmware_workstation_multiple_vmsa_2017_0003.nasl - Type: ACT_GATHER_INFO |
