CVE-2016-7083

HIGH

VMware Workstation Pro and Player 12.x - Remote Code Execution via Cortado ThinPrint EMFSPOOL TrueType Fonts

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7083. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit targets a heap-based buffer overflow in VMware Workstation's vprintproxy.exe via malformed TrueType fonts in EMFSPOOL data. The PoC manipulates the NAME table size to trigger a crash or overflow, demonstrating a potential VM escape vector.

Description

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/40398

View Code ZIP pw:eip

This exploit targets a heap-based buffer overflow in VMware Workstation's vprintproxy.exe via malformed TrueType fonts in EMFSPOOL data. The PoC manipulates the NAME table size to trigger a crash or overflow, demonstrating a potential VM escape vector.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: VMware Workstation 12.1.1 build-3770994 (TPView.DLL 9.4.1045.1)

No auth needed

Prerequisites: Access to COM1 in guest VM · VMware Workstation with Virtual Printers enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2016-0014.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036805

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40398/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92934

Scores

CVSS v3 7.8

EPSS 0.0151

EPSS Percentile 71.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (8)

vmware/workstation_player 12.0.0

vmware/workstation_player 12.0.1

vmware/workstation_player 12.1.0

vmware/workstation_player 12.1.1

vmware/workstation_pro 12.0.0

vmware/workstation_pro 12.0.1

vmware/workstation_pro 12.1.0

vmware/workstation_pro 12.1.1

Published Dec 29, 2016

Tracked Since Feb 18, 2026