CVE-2016-7085
HIGHVMware Workstation Pro and Player 12.x - Untrusted Search Path
Title source: llmDescription
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2016-0014.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036805
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92940
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
34.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (8)
vmware/workstation_player
12.0.0
vmware/workstation_player
12.0.1
vmware/workstation_player
12.1.0
vmware/workstation_player
12.1.1
vmware/workstation_pro
12.0.0
vmware/workstation_pro
12.0.1
vmware/workstation_pro
12.1.0
vmware/workstation_pro
12.1.1
Published
Dec 29, 2016
Tracked Since
Feb 18, 2026