Privilege escalation in VMware Workstation and VMware Fusion - CVE-2017-4901
Published: March 15, 2017 / Updated: June 17, 2021
Vulnerability identifier: #VU6082
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-4901
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: Public exploit is available
Vendor: VMware, Inc
Affected software:
VMware Workstation
VMware Fusion
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the guest system.
The weakness exists due to an out-of-bounds memory access in the drag-and-drop (DnD) function in VMware Workstation and Fusion. A local attacker can gain elevated privileges and execute arbitrary code on the affected system.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2017-4901
Install the update from the vendor's website.