6.8

CVE-2017-4916

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareWorkstation Player Version12.0.0
   MicrosoftWindows Version-
VMwareWorkstation Pro Version12.0.0
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.95% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 6.8 8 6.9
AV:N/AC:L/Au:S/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://www.vmware.com/security/advisories/VMSA-2017-0009.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98560
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038526
https://www.exploit-db.com/exploits/42140/