VMware Player 12.x < 12.5.4 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005)
High Nessus Plugin ID 97990
SynopsisA virtualization application installed on the remote Windows host is affected by a guest-to-host arbitrary code execution vulnerability.
DescriptionThe version of VMware Player installed on the remote Windows host is 12.x prior to 12.5.4. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop (DND) functionality due to an out-of-bounds memory access error. An attacker within a guest can exploit this issue to execute arbitrary code on the host system.
SolutionUpgrade to VMware Player version 12.5.4 or later.