PT-2017-2234 · Vmware · Vmware Workstation Player+4

Publicado

2017-03-30

·

Atualizado

2022-02-03

·

CVE-2017-4903

CVSS v3.1

8.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions VMware ESXi versions 5.5 through 6.5 without specified patches VMware Workstation Pro versions 12.x prior to 12.5.5 VMware Workstation Player versions 12.x prior to 12.5.5 VMware Fusion Pro versions 8.x prior to 8.5.6 VMware Fusion versions 8.x prior to 8.5.6
Description The issue is related to an uninitialized stack memory usage in SVGA, which may allow a guest to execute code on the host. This could potentially enable a local attacker to execute arbitrary code in the host system.
Recommendations For VMware ESXi versions 5.5 through 6.5, apply the respective patches (ESXi550-201703401-SG, ESXi600-201703401-SG, ESXi600-201703402-SG, ESXi600-201703403-SG, ESXi650-201703410-SG) to resolve the issue. For VMware Workstation Pro versions 12.x prior to 12.5.5, update to version 12.5.5 or later. For VMware Workstation Player versions 12.x prior to 12.5.5, update to version 12.5.5 or later. For VMware Fusion Pro versions 8.x prior to 8.5.6, update to version 8.5.6 or later. For VMware Fusion versions 8.x prior to 8.5.6, update to version 8.5.6 or later.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2017-01428
CVE-2017-4903
ZDI-17-237

Produtos afetados

Vmware Esxi
Vmware Fusion
Vmware Fusion Pro
Vmware Workstation
Vmware Workstation Player