PT-2017-16207 · Vmware · Vmware Esxi+2

Published

2017-09-15

Updated

2022-02-03

CVE-2017-4924

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 6.5 without patch ESXi650-201707101-SG VMware Workstation versions 12.x before 12.5.7 VMware Fusion versions 8.x before 8.5.8

Description The issue is an out-of-bounds write vulnerability in the SVGA device, which may allow a guest to execute code on the host.

Recommendations For VMware ESXi version 6.5, apply patch ESXi650-201707101-SG to resolve the issue. For VMware Workstation versions 12.x before 12.5.7, update to version 12.5.7 or later. For VMware Fusion versions 8.x before 8.5.8, update to version 8.5.8 or later.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2017-4924

ZDI-17-738

Affected Products

Vmware Esxi

Vmware Fusion

Vmware Workstation

PT-2017-16207 · Vmware · Vmware Esxi+2

CVE-2017-4924

Weakness Enumeration

Related Identifiers

Affected Products

References · 8