This script is Copyright (C) 2017 Tenable Network Security, Inc.
A virtualization application installed on the remote host is affected
by multiple vulnerabilities.
The version of VMware Workstation installed on the remote host is
12.x prior to 12.5.3. It is, therefore, affected by multiple
- A flaw exists in the vmware-vmx process when loading
dynamic link library (DLL) files due to searching an
insecure path, which was defined in a local environment
variable. A local attacker can exploit this, via a
specially crafted file injected into the path, to
execute arbitrary code with SYSTEM privileges on the
- An out-of-bounds read error exists in the SVGA driver
due to improper validation of certain input. A local
attacker can exploit this within a VM to crash it or
to disclose sensitive memory contents. (CVE-2017-4899)
- A NULL pointer dereference flaw exists in the SVGA
driver due to improper validation of certain input. A
local attacker can exploit this within a VM to crash it.
See also :
Upgrade to VMware Workstation version 12.5.3 or later.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.1
Public Exploit Available : false