Out-of-bounds write in VMware, Inc products - CVE-2017-4924
Published: September 15, 2017
Vulnerability identifier: #VU8443
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4924
CWE-ID: CWE-787
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware ESXi
VMware Workstation
VMware Fusion
Detailed vulnerability description
The vulnerability allows an adjacent attacker to execute arbitrary code.
The weakness exists due to an out-of-bounds write in the SVGA driver. An adjacent attacker can send specially crafted content and execute arbitrary code on the host system.
How to mitigate CVE-2017-4924
Install the update from the vendor's website.