This script is Copyright (C) 2017 Tenable Network Security, Inc.
A virtualization application installed on the remote macOS or Mac OS X
host is affected by a guest-to-host arbitrary code execution
The version of VMware Fusion installed on the remote macOS or Mac OS X
host is 8.x prior to 8.5.5. It is, therefore, affected by a
guest-to-host arbitrary code execution vulnerability in the
drag-and-drop (DND) functionality due to an out-of-bounds memory
access error. An attacker within a guest can exploit this issue to
execute arbitrary code on the host system.
See also :
Upgrade to VMware Fusion version 8.5.5 or later. Alternatively,
disable both the drag-and-drop function and the copy-and-paste
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.6
Public Exploit Available : true