Vulnerabilities > CVE-2017-4898 - DLL Loading Remote Code Execution vulnerability in Multiple VMware Workstation Products
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | VMWARE_WORKSTATION_MULTIPLE_VMSA_2017_0003.NASL |
| description | The version of VMware Workstation installed on the remote host is 12.x prior to 12.5.3. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the vmware-vmx process when loading dynamic link library (DLL) files due to searching an insecure path, which was defined in a local environment variable. A local attacker can exploit this, via a specially crafted file injected into the path, to execute arbitrary code with SYSTEM privileges on the host. (CVE-2017-4898) - An out-of-bounds read error exists in the SVGA driver due to improper validation of certain input. A local attacker can exploit this within a VM to crash it or to disclose sensitive memory contents. (CVE-2017-4899) - A NULL pointer dereference flaw exists in the SVGA driver due to improper validation of certain input. A local attacker can exploit this within a VM to crash it. (CVE-2017-4900) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 97834 |
| published | 2017-03-20 |
| reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/97834 |
| title | VMware Workstation 12.x < 12.5.3 Multiple Vulnerabilities (VMSA-2017-0003) |