#VU8444 Null pointer dereference in VMware, Inc products - CVE-2017-4925
Published: September 15, 2017
Vulnerability identifier: #VU8444
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4925
CWE-ID: CWE-476
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
VMware ESXi
VMware Workstation
VMware Fusion
Software vendor:
VMware, Inc
Description
The vulnerability allows an adjacent attacker to cause a DoS condition on the host system.
The weakness exists due to a NULL pointer dereference when handling malicious content. An adjacent attacker can send specially crafted RPC requests and cause the applications to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install the update from the vendor's website.