CVE-2017-4901
CRITICALVMware Workstation/Fusion <12.5.4-8.5.5 - Memory Corruption
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-4901. PoCs published by unamer.
AI-analyzed exploit summary This exploit targets a VMware Escape vulnerability (CVE-2017-4901) affecting VMware Workstation versions before 12.5.5. It manipulates heap memory to escape the virtual machine and execute code on the host system, specifically tested on Windows 10 x64 with VMware 12.5.2.
Description
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Exploits (1)
This exploit targets a VMware Escape vulnerability (CVE-2017-4901) affecting VMware Workstation versions before 12.5.5. It manipulates heap memory to escape the virtual machine and execute code on the host system, specifically tested on Windows 10 x64 with VMware 12.5.2.
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H