8.8

CVE-2017-4898

VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareWorkstation Player Version12.0.0
VMwareWorkstation Player Version12.0.1
VMwareWorkstation Player Version12.1.0
VMwareWorkstation Player Version12.5.0
VMwareWorkstation Player Version12.5.1
VMwareWorkstation Player Version12.5.2
VMwareWorkstation Pro Version12.0.0
VMwareWorkstation Pro Version12.0.1
VMwareWorkstation Pro Version12.1.0
VMwareWorkstation Pro Version12.5.0
VMwareWorkstation Pro Version12.5.1
VMwareWorkstation Pro Version12.5.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.309
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2 6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/bid/96772
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037979
http://www.vmware.com/security/advisories/VMSA-2017-0003.html
Patch
Vendor Advisory