CVE-2016-2077

CRITICAL

VMware Player 7.x < 7.1.3 and Workstation 11.x < 11.1.3 - Privilege Escalation via Executable File Access

Title source: llm

Description

VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1035900

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2016-0005.html

Scores

CVSS v3 9.8

EPSS 0.0055

EPSS Percentile 68.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (8)

vmware/player 7.0

vmware/player 7.1

vmware/player 7.1.1

vmware/player 7.1.2

vmware/workstation 11.0

vmware/workstation 11.1

vmware/workstation 11.1.1

vmware/workstation 11.1.2

Published May 18, 2016

Tracked Since Feb 18, 2026