CVE-2017-4915

HIGH

VMware Workstation Pro/Player - Privilege Escalation

Title source: llm

Description

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Google Security Research · clocallinux

https://www.exploit-db.com/exploits/42045

View Code ZIP pw:eip

exploitdb WORKING POC

by bcoles · bashlocalmultiple

https://www.exploit-db.com/exploits/47171

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Jann Horn, bcoles · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/vmware_alsa_config.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98566

[Patch, Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2017-0009.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42045/

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038525

Scores

CVSS v3 7.8

EPSS 0.1156

EPSS Percentile 93.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-863

Status published

Products (3)

vmware/workstation_player 12.0.0

vmware/workstation_pro 12.0.0

VMware/Workstation Pro/Player All 12.x versions prior to version 12.5.6

Published May 22, 2017

Tracked Since Feb 18, 2026