VMware Fusion 8.x < 8.5.5 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005) (macOS)
Severity: High
Nessus Plugin ID: 97939
Synopsis
A virtualization application installed on the remote macOS or Mac OS X host is affected by a guest-to-host arbitrary code execution vulnerability.

Description
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 8.x prior to 8.5.5. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop (DND) functionality due to an out-of-bounds memory access error. An attacker within a guest can exploit this issue to execute arbitrary code on the host system.

Solution
Upgrade to VMware Fusion version 8.5.5 or later. Alternatively, disable both the drag-and-drop function and the copy-and-paste function.
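
A local check for the affected range described above (8.x prior to 8.5.5), as an added example; it is not the Nessus plugin's code. The install path, the use of PlistBuddy to read CFBundleShortVersionString, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Tenable's plugin code).
# Assumption: Fusion is installed at the default path; override FUSION_PLIST otherwise.
FUSION_PLIST="${FUSION_PLIST:-/Applications/VMware Fusion.app/Contents/Info.plist}"

# Return 0 if version $1 is 8.x and lower than 8.5.5, 1 if it is outside
# that range, 2 if the string is not a dotted numeric version.
fusion_is_affected() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    # Split major.minor.patch without touching IFS; missing parts count as 0.
    major=${ver%%.*}
    rest=${ver#"$major"}; rest=${rest#.}
    minor=${rest%%.*}
    rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}
    minor=${minor:-0}; patch=${patch:-0}
    [ "$major" -eq 8 ] || return 1
    [ "$minor" -lt 5 ] && return 0
    [ "$minor" -eq 5 ] && [ "$patch" -lt 5 ] && return 0
    return 1
}

# Print the installed Fusion version; return 1 if Fusion is not installed.
fusion_installed_version() {
    [ -f "$FUSION_PLIST" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$FUSION_PLIST"
}

# Report on the local installation.
fusion_check() {
    installed=$(fusion_installed_version) || { echo "VMware Fusion not found"; return 1; }
    if fusion_is_affected "$installed"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "Fusion $installed: affected (VMSA-2017-0005), upgrade to 8.5.5 or later" ;;
        1) echo "Fusion $installed: outside the affected 8.x < 8.5.5 range" ;;
        *) echo "Fusion version '$installed' could not be parsed" ;;
    esac
    return "$rc"
}
```

Source the file on the Mac and run `fusion_check`; a return status of 0 means the installed version is in the affected range.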