CVE-2017-4934

Published: Nov 17, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-14051 Aliases: GSD-2017-4934
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,2th
Updated

EPSS Score Trend (Last 91 Days)

119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Stable
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Memory Read Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.5
cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.1
cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.0.1
cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.0.0
cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.5.6
cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.0.0
cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.2
cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.6
cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.4
cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.5.4
cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.5.5
cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.1.1
cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.0.2
cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.8
cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.0
cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.5.1
cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.7
cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.5.3
cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.1
cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.5.2
cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.0.1
cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.1.1
cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.5.3
cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version 8.1.0
cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.5.7
cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation by Vmware

Product Information
Vendor Vmware
Product Workstation
Version 12.5
cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.vmware.com/security/advisories/VMSA-2017-0018.h…
Patch Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2017-0018.html
http://www.securityfocus.com/bid/101903
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101903
http://www.securitytracker.com/id/1039835
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039835
https://www.vmware.com/security/advisories/VMSA-2017-0018.h…
Patch Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2017-0018.html
http://www.securityfocus.com/bid/101903
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101903
http://www.securitytracker.com/id/1039835
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039835