CVE-2018-6963 – VMware Workstation ghi update Null Pointer Dereference Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-6963
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine. VMware Fusion (versiones 10.x anteriores a la 10.1.2) contiene una vulnerabilidad de omisión de firmas que podría conducir a un escalado de privilegios local. This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability. The specific flaw exists within the ghi.guest.trayIcon.update RPC function. • http://www.securityfocus.com/bid/104237 http://www.securitytracker.com/id/1040957 https://www.vmware.com/security/advisories/VMSA-2018-0013.html • CWE-476: NULL Pointer Dereference •
CVE-2017-4949
https://notcve.org/view.php?id=CVE-2017-4949
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default. VMware Workstation y Fusion contienen una vulnerabilidad de uso de memoria previamente liberada en el servicio VMware NAT cuando el modo IPv6 está habilitado. Este problema puede permitir que un invitado ejecute código en el host. • http://www.securityfocus.com/bid/102489 http://www.securitytracker.com/id/1040161 https://www.vmware.com/security/advisories/VMSA-2018-0005.html • CWE-416: Use After Free •
CVE-2017-4950
https://notcve.org/view.php?id=CVE-2017-4950
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default. VMware Workstation y Fusion contienen una vulnerabilidad de desbordamiento de enteros en el servicio VMware NAT cuando el modo IPv6 está habilitado. Este problema podría conducir a una lectura fuera de límites, que podrá utilizarse para ejecutar código en el host en combinación con otros problemas. • http://www.securityfocus.com/bid/102490 http://www.securitytracker.com/id/1040161 https://www.vmware.com/security/advisories/VMSA-2018-0005.html • CWE-190: Integer Overflow or Wraparound •