CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-4898
https://notcve.org/view.php?id=CVE-2017-4898
07 Jun 2017 — VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed. Workstation Pro/Player versiones 12.x anteriores a 12.5.3 de VMware, contiene una vulnerabilidad de carga de DLL que ocurre debido al proceso "vmware-vmx" que ca... • http://www.securityfocus.com/bid/96772 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-4908 – ThinPrint TPView JPEG2000 Parsing Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4908
19 Apr 2017 — VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtu... • http://www.securityfocus.com/bid/97912 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-4910 – ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4910
19 Apr 2017 — VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual... • http://www.securityfocus.com/bid/97913 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-4911 – ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4911
19 Apr 2017 — VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtua... • http://www.securityfocus.com/bid/97916 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-7086
https://notcve.org/view.php?id=CVE-2016-7086
29 Dec 2016 — The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory. El instalador en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows permite a usuarios locales obtener privilegios a través de un archivo Troyano setup64.exe en el directorio de instalación. • http://www.securityfocus.com/bid/92941 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-7081 – ThinPrint TPClnt/TPView Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-7081
29 Dec 2016 — Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. Múltiples desbordamientos de búfer basados en memoria dinámica en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows, cuando la impresión virtu... • http://www.securityfocus.com/bid/92935 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-7085 – VMWare Player 7.1.3 DLL Hijacking
https://notcve.org/view.php?id=CVE-2016-7085
29 Dec 2016 — Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no confiable en el instalador en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows permite a usuarios locales obtener privilegios a través de... • https://packetstorm.news/files/id/148784 • CWE-426: Untrusted Search Path •
CVSS: 8.8EPSS: 0%CPEs: 27EXPL: 0CVE-2016-7461 – VMware Security Advisory 2016-0019
https://notcve.org/view.php?id=CVE-2016-7461
14 Nov 2016 — The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. La función de arrastrar y soltar (también conocida como DnD) en VMware Workstation Pro 12.x en versiones anteriores a 12.5.2 y VMware Workstation Player 12.x en versione... • http://www.securityfocus.com/bid/94280 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 2CVE-2016-7083 – VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2016-7083
19 Sep 2016 — VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL. VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows, cuando la impresión virtual Cortado ThinPrint está habilit... • https://packetstorm.news/files/id/138777 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 2CVE-2016-7084 – VMware Workstation - 'vprintproxy.exe' JPEG2000 Images Multiple Memory Corruptions
https://notcve.org/view.php?id=CVE-2016-7084
19 Sep 2016 — tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image. tpview.dll en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows, cuando la impresión virtual Cortado ThinPrint e... • https://packetstorm.news/files/id/138778 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •