VMware Workstation 12.x < 12.5.3 Multiple Vulnerabilities (VMSA-2017-0003)
Medium Nessus Plugin ID 97834
Synopsis
A virtualization application installed on the remote host is affected by multiple vulnerabilities.
Description
The version of VMware Workstation installed on the remote host is 12.x prior to 12.5.3. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists in the vmware-vmx process when loading dynamic link library (DLL) files due to searching an insecure path, which was defined in a local environment variable. A local attacker can exploit this, via a specially crafted file injected into the path, to execute arbitrary code with SYSTEM privileges on the host. (CVE-2017-4898)
- An out-of-bounds read error exists in the SVGA driver due to improper validation of certain input. A local attacker can exploit this within a VM to crash it or to disclose sensitive memory contents. (CVE-2017-4899)
- A NULL pointer dereference flaw exists in the SVGA driver due to improper validation of certain input. A local attacker can exploit this within a VM to crash it.
Solution
Upgrade to VMware Workstation version 12.5.3 or later.