This script is Copyright (C) 2016 Tenable Network Security, Inc.
A virtualization application installed on the remote host is affected
by an arbitrary code execution vulnerability.
The version of VMware Player installed on the remote host is 12.1.x
prior to 12.1.1. It is, therefore, affected by an arbitrary code
execution vulnerability in the Shared Folders (HGFS) feature due to
improper loading of Dynamic-link library (DLL) files from insecure
paths, including the current working directory, which may not be under
user control. A remote attacker can exploit this vulnerability, by
placing a malicious DLL in the path or by convincing a user into
opening a file on a network share, to inject and execute arbitrary
code in the context of the current user.
See also :
Upgrade to VMware Player 12.1.1 or later.
Note that VMware Tools on Windows-based guests that use the Shared
Folders (HGFS) feature must also be updated to completely mitigate the
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true