CVE-2018-6963
VMware Workstation ghi update Null Pointer Dereference Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.
VMware Fusion (versiones 10.x anteriores a la 10.1.2) contiene una vulnerabilidad de omisión de firmas que podría conducir a un escalado de privilegios local.
This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability.
The specific flaw exists within the ghi.guest.trayIcon.update RPC function. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the guest OS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-14 CVE Reserved
- 2018-05-21 CVE Published
- 2023-05-16 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104237 | Third Party Advisory | |
http://www.securitytracker.com/id/1040957 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2018-0013.html | 2018-06-26 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | >= 10.0 < 10.1.2 Search vendor "Vmware" for product "Fusion" and version " >= 10.0 < 10.1.2" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | >= 14.0 < 14.1.2 Search vendor "Vmware" for product "Workstation" and version " >= 14.0 < 14.1.2" | - |
Affected
|