7.8

CVE-2016-5330

Exploit

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareWorkstation Player Version >= 12.1.0 < 12.1.1
VMwareWorkstation Pro Version >= 12.1.0 < 12.1.1
VMwareESXi Version >= 5.0 <= 6.0
VMwareFusion Version >= 8.1 < 8.1.1
   ApplemacOS X Version-
VMwareTools Version >= 9.0.0 <= 10.3.22
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 25.48% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

http://www.securityfocus.com/bid/92323
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036544
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036545
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036619
Third Party Advisory
VDB Entry