CVE-2017-4916

MEDIUM

VMware Workstation Pro/Player - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-4916. PoCs published by Borja Merino.

AI-analyzed exploit summary This PoC exploits a NULL pointer dereference vulnerability in the VMware vstor2 driver by sending a malformed IOCTL request, causing a BSOD due to a double call to IofCompleteRequest. It requires the vixDiskMountServer.exe process to be running.

Description

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Borja Merino · cdoswindows
https://www.exploit-db.com/exploits/42140

This PoC exploits a NULL pointer dereference vulnerability in the VMware vstor2 driver by sending a malformed IOCTL request, causing a BSOD due to a double call to IofCompleteRequest. It requires the vixDiskMountServer.exe process to be running.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: VMware Workstation Pro/Player 12.x
No auth needed
Prerequisites: VMware Workstation Pro/Player 12.x installed · vixDiskMountServer.exe running
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038526
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2017-0009.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98560
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42140/

Scores

CVSS v3 6.5
EPSS 0.0495
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (3)
VMware/Workstation Pro/Player All 12.x versions prior to version 12.5.6
vmware/workstation_player 12.0.0
vmware/workstation_pro 12.0.0
Published May 22, 2017
Tracked Since Feb 18, 2026