Vulnerabilities > CVE-2017-4899 - Out-of-bounds Read vulnerability in VMWare Workstation Player and Workstation PRO
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
| NASL family | Windows |
| NASL id | VMWARE_WORKSTATION_MULTIPLE_VMSA_2017_0003.NASL |
| description | The version of VMware Workstation installed on the remote host is 12.x prior to 12.5.3. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the vmware-vmx process when loading dynamic link library (DLL) files due to searching an insecure path, which was defined in a local environment variable. A local attacker can exploit this, via a specially crafted file injected into the path, to execute arbitrary code with SYSTEM privileges on the host. (CVE-2017-4898) - An out-of-bounds read error exists in the SVGA driver due to improper validation of certain input. A local attacker can exploit this within a VM to crash it or to disclose sensitive memory contents. (CVE-2017-4899) - A NULL pointer dereference flaw exists in the SVGA driver due to improper validation of certain input. A local attacker can exploit this within a VM to crash it. (CVE-2017-4900) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 97834 |
| published | 2017-03-20 |
| reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/97834 |
| title | VMware Workstation 12.x < 12.5.3 Multiple Vulnerabilities (VMSA-2017-0003) |