CVE-2017-4901

CRITICAL

VMware Workstation/Fusion <12.5.4-8.5.5 - Memory Corruption

Title source: llm

Description

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

Exploits (1)

exploitdb WORKING POC

by unamer · localwindows

https://www.exploit-db.com/exploits/47714

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96881

[Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2017-0005.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038025

Scores

CVSS v3 9.9

EPSS 0.1412

EPSS Percentile 94.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (20)

vmware/fusion 8.0.0

vmware/fusion 8.0.1

vmware/fusion 8.0.2

vmware/fusion 8.1.0

vmware/fusion 8.1.1

vmware/fusion 8.5.0

vmware/fusion 8.5.1

vmware/fusion 8.5.2

vmware/fusion 8.5.3

vmware/fusion 8.5.4

... and 10 more

Published Jun 08, 2017

Tracked Since Feb 18, 2026