// For flags

CVE-2017-4902

VMware Workstation SVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-- en SVGA. Este problema permitiría a un huésped ejecutar código en el host.

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of SVGA graphics. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to elevate privileges and execute arbitrary code under the context of the hypervisor.

*Credits: 360 Security
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-26 CVE Reserved
  • 2017-03-30 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-09-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Fusion
Search vendor "Vmware" for product "Fusion"
>= 8.0.0 < 8.5.6
Search vendor "Vmware" for product "Fusion" and version " >= 8.0.0 < 8.5.6"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Vmware
Search vendor "Vmware"
Fusion Pro
Search vendor "Vmware" for product "Fusion Pro"
>= 8.0.0 < 8.5.6
Search vendor "Vmware" for product "Fusion Pro" and version " >= 8.0.0 < 8.5.6"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Vmware
Search vendor "Vmware"
Workstation Player
Search vendor "Vmware" for product "Workstation Player"
>= 12.0.0 < 12.5.5
Search vendor "Vmware" for product "Workstation Player" and version " >= 12.0.0 < 12.5.5"
-
Affected
Vmware
Search vendor "Vmware"
Workstation Pro
Search vendor "Vmware" for product "Workstation Pro"
>= 12.0.0 < 12.5.5
Search vendor "Vmware" for product "Workstation Pro" and version " >= 12.0.0 < 12.5.5"
-
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
5.5
Search vendor "Vmware" for product "Esxi" and version "5.5"
-
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
5.5
Search vendor "Vmware" for product "Esxi" and version "5.5"
1
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
5.5
Search vendor "Vmware" for product "Esxi" and version "5.5"
2
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
5.5
Search vendor "Vmware" for product "Esxi" and version "5.5"
3a
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
5.5
Search vendor "Vmware" for product "Esxi" and version "5.5"
3b
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
-
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201701001
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201703001
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201703002
Affected