Main Vulnerability Database Vulnerabilities #VU437

Arbitrary code execution - CVE-2016-7080

Published: September 14, 2016

Vulnerability identifier: #VU437

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-7080

CWE-ID: CWE-250

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a local user with elevated privileges to cause arbitrary code execution on the guest system.
The weakness exists due to null pointer dereference in the graphic acceleration functions. The vulnerability helps a malicious user to trigger arbitrary code execution on the target system.
Successful exploitation of the weakness may result in arbitrary code execution on the vulnerable system.

How to mitigate CVE-2016-7080

Update to 10.0.9.

Sources

http://www.vmware.com/security/advisories/VMSA-2016-0014.html

Arbitrary code execution - CVE-2016-7080

Detailed vulnerability description

How to mitigate CVE-2016-7080

Sources

Please verify you're human