#VU6617 Null pointer dereference in VMware Workstation - CVE-2017-4916
Published: May 22, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU6617
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-4916
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
VMware Workstation
VMware Workstation
Software vendor:
VMware, Inc
VMware, Inc
Description
The vulnerability allows a local attacker to cause DoS condition on the Windows host machine.
The weakness exists due to NULL pointer dereference in the vstor2 driver. An local attacker can cause a Windows host machine to become unresponsive or crash.
Successful exploitation of the vulnerability may result in denial of service.
The weakness exists due to NULL pointer dereference in the vstor2 driver. An local attacker can cause a Windows host machine to become unresponsive or crash.
Successful exploitation of the vulnerability may result in denial of service.
Remediation
Update to version 12.5.6.