CVE-2017-4916 – VMware Workstation 12 Pro - Denial of Service
https://notcve.org/view.php?id=CVE-2017-4916
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. Workstation Pro/Player de VMware, contiene una vulnerabilidad de desreferencia de un puntero NULL que se presenta en el controlador vstor2. La explotación con éxito de este problema puede permitir a los usuarios del host con privilegios de usuario normal desencadenar una denegación de servicio en una máquina host de Windows. VMware Workstation version 12 Pro suffers from a null pointer dereference in the vstor2 driver. • https://www.exploit-db.com/exploits/42140 http://www.securityfocus.com/bid/98560 http://www.securitytracker.com/id/1038526 https://www.vmware.com/security/advisories/VMSA-2017-0009.html • CWE-476: NULL Pointer Dereference •
CVE-2017-4903 – VMware Workstation SVGA Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4903
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. ESXi versiones 6.5 sin el parche ESXi650-201703410-SG, 6.0 U3 sin el parche ESXi600-201703401-SG, 6.0 U2 sin el parche ESXi600-201703403-SG, 6.0 U1 sin el parche ESXi600-201703402-SG, y 5.5 sin el parche ESXi550-20-20170140; Workstation Pro / Player versión 12.x anterior de 12.5.5; y Fusion Pro / Fusion versiones 8.x anterior a 8.5.6 de VMware, presenta un uso de memoria de la pila no inicializada en SVGA. Este problema puede permitir a un invitado ejecutar código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/97160 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-4904 – VMware Workstation Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4904
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. El controlador XHCI en ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703403-SG, 6.0 U1 sin parche ESXi600-201703402-SG, y 5.5 sin parche ESXi550 -201703401-SG; Workstation Pro / Player versiones 12.x anteriores a 12.5.5; y Fusion Pro / Fusion versiones 8.x anteriores a 8.5.6 de VMware, presenta un uso de memoria no inicializada. Este problema puede permitir a un invitado ejecutar código en el host. • http://www.securityfocus.com/bid/97165 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-4905 – VMware Workstation Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-4905
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703403-SG, 6.0 U1 sin parche ESXi600-201703402-SG, 5.5 sin parche ESXi550-201701401-SG; Workstation Pro / Player versiones 12.x anteriores a 12.5.5; y Fusion Pro / Fusion versiones 8.x anteriores a 8.5.6 de VMware, presenta un uso de memoria no inicializada. Este problema puede conducir a un filtrado de información. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. • https://www.exploit-db.com/exploits/47715 http://www.securityfocus.com/bid/97164 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-908: Use of Uninitialized Resource •
CVE-2017-4902 – VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-4902
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-- en SVGA. Este problema permitiría a un huésped ejecutar código en el host. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. • http://www.securityfocus.com/bid/97163 http://www.securitytracker.com/id/1038148 http://www.securitytracker.com/id/1038149 http://www.vmware.com/security/advisories/VMSA-2017-0006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •