CVE-2017-4902 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4902
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-- en SVGA. Este problema permitiría a un huésped ejecutar código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/97163 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7086
https://notcve.org/view.php?id=CVE-2016-7086
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory. El instalador en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows permite a usuarios locales obtener privilegios a través de un archivo Troyano setup64.exe en el directorio de instalación. • http://www.securityfocus.com/bid/92941 http://www.securitytracker.com/id/1036805 http://www.vmware.com/security/advisories/VMSA-2016-0014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-7081 – ThinPrint TPClnt/TPView Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-7081
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. Múltiples desbordamientos de búfer basados en memoria dinámica en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows, cuando la impresión virtual Cortado ThinPrint está habilitada, permiten a usuarios invitados del SO ejecutar código arbitrario en el SO anfitrión a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of ThinPrint. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of print requests. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a heap-based buffer. • http://www.securityfocus.com/bid/92935 http://www.securitytracker.com/id/1036805 http://www.vmware.com/security/advisories/VMSA-2016-0014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7085 – VMWare Player 7.1.3 DLL Hijacking
https://notcve.org/view.php?id=CVE-2016-7085
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no confiable en el instalador en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows permite a usuarios locales obtener privilegios a través de un Troyano DLL en un directorio no especificado. VMWare Player version 7.1.3 suffers from a dll hijacking vulnerability. • http://www.securityfocus.com/bid/92940 http://www.securitytracker.com/id/1036805 http://www.vmware.com/security/advisories/VMSA-2016-0014.html • CWE-426: Untrusted Search Path •
CVE-2016-7461
https://notcve.org/view.php?id=CVE-2016-7461
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. La función de arrastrar y soltar (también conocida como DnD) en VMware Workstation Pro 12.x en versiones anteriores a 12.5.2 y VMware Workstation Player 12.x en versiones anteriores a 12.5.2 y VMware Fusion y Fusion Pro 8.x en versiones anteriores a 8.5.2 permite a usuarios invitados de SO ejecutar código arbitrario en el SO anfitrión o provocar una denegación de servicio (acceso a memoria fuera de límites en el SO anfitrión) a través de vectores no especificados. • http://www.securityfocus.com/bid/94280 http://www.securitytracker.com/id/1037282 http://www.vmware.com/security/advisories/VMSA-2016-0019.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •