| VID |
23267 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of VMware Workstation installed on the remote Windows host is 12.x prior to 12.5.7. It is, therefore, affected by the following vulnerabilities:
- A remote code execution vulnerability exists in VMware workstation within the SVGA device. An attacker with user access can exploit this to execute arbitrary code. (CVE-2017-4924)
- A denial of service vulnerability exists in VMware workstation due to a NULL pointer deference when handling guest RPC requests. An attacker with guest access can exploit this to crash their VMs. NOTE: This vulnerability only affects VMware Workstation 12.5.2 and below. (CVE-2017-4925)
* References :
https://www.vmware.com/us/security/advisories/VMSA-2017-0015.html |
| Recommendation |
Upgrade to the latest versions of the affected applications(VMware Workstation 12.5.7 or later) available from the VMware Download Web site at http://www.vmware.com/download/ |
| Related URL |
CVE-2017-4924,CVE-2017-4925 (CVE) |
| Related URL |
100842,100843 (SecurityFocus) |
| Related URL |
(ISS) |
|
