7.8
CVE-2017-4939
- EPSS 0.17%
- Published 17.11.2017 21:29:00
- Last modified 20.04.2025 01:37:25
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Workstation Version12.0.0
VMware ≫ Workstation Version12.0.1
VMware ≫ Workstation Version12.1.1
VMware ≫ Workstation Version12.5.0
VMware ≫ Workstation Version12.5.1
VMware ≫ Workstation Version12.5.2
VMware ≫ Workstation Version12.5.3
VMware ≫ Workstation Version12.5.4
VMware ≫ Workstation Version12.5.5
VMware ≫ Workstation Version12.5.6
VMware ≫ Workstation Version12.5.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.354 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.