VMware Workstation 12.x < 12.5.4 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005) (Linux)
Severity: High
Nessus Plugin ID: 97940
Synopsis
A virtualization application installed on the remote Linux host is affected by a guest-to-host arbitrary code execution vulnerability.

Description
The version of VMware Workstation installed on the remote Linux host is 12.x prior to 12.5.4. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop (DND) functionality due to an out-of-bounds memory access error. An attacker within a guest can exploit this issue to execute arbitrary code on the host system.

Solution
Upgrade to VMware Workstation version 12.5.4 or later. Alternatively, disable both the drag-and-drop function and the copy-and-paste function.
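
The following triage helper is an added example, not part of the Nessus plugin or of VMware's advisory. It checks a reported Workstation version against the 12.x < 12.5.4 range and audits a VM's .vmx text for the alternative mitigation. It assumes the three `isolation.tools.*.disable` keys are how drag-and-drop and copy-and-paste are switched off in the .vmx file; the sample configuration and the function names are constructed for illustration.

```python
import re

FIXED = (12, 5, 4)  # first fixed 12.x release, per the Solution section
# Assumption: .vmx keys that disable drag-and-drop and copy-and-paste.
REQUIRED = (
    "isolation.tools.dnd.disable",
    "isolation.tools.copy.disable",
    "isolation.tools.paste.disable",
)

# Constructed sample: drag-and-drop and copy are disabled, paste is not.
SAMPLE_VMX = '''
# constructed example configuration
displayName = "build-agent"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.copy.disable = "TRUE"
'''

def is_affected(version: str) -> bool:
    """True for Workstation 12.x releases older than 12.5.4."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))  # pad "12.5" to (12, 5, 0)
    return parts[0] == 12 and parts < FIXED

def parse_vmx(text: str) -> dict:
    """Parse `key = "value"` lines; in this parser the last occurrence wins."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().lower()
    return settings

def missing_mitigations(vmx_text: str) -> list:
    """Return the isolation keys that are absent or not set to TRUE."""
    settings = parse_vmx(vmx_text)
    return [key for key in REQUIRED if settings.get(key) != "true"]

def assess(version: str, vmx_text: str) -> str:
    """Combine the version check with the mitigation audit for one VM."""
    if not is_affected(version):
        return "not affected"
    missing = missing_mitigations(vmx_text)
    if not missing:
        return "mitigated"
    return "vulnerable: set " + ", ".join(missing)

if __name__ == "__main__":
    print(assess("12.5.2", SAMPLE_VMX))
```

Because the mitigation requires both functions to be disabled, a VM with only drag-and-drop turned off is still reported as vulnerable.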