CVE-2017-4901

Summary

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

Affected Software

VendorProductVersion RangeStatus
VMwareWorkstation Pro/Player12.x prior to 12.5.4affected
VMwareFusion Pro / Fusion8.x prior to 8.5.5.affected

Weaknesses

  • Remote code execution

ADP Enrichment

CVE Program Container

Additional References

References