Description
VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041291
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2018-0017.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104737
Scores
CVSS v3
7.0
EPSS
0.0007
EPSS Percentile
22.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (1)
vmware/tools
< 10.3.0
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026