CVE-2017-4902 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2017-4902

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-- en SVGA. Este problema permitiría a un huésped ejecutar código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/97163 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •