CVE-2017-4900 - NULL Pointer Dereference vulnerability in VMware Workstation Player and Workstation Pro
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | VMWARE_WORKSTATION_MULTIPLE_VMSA_2017_0003.NASL |
description | The version of VMware Workstation installed on the remote host is 12.x prior to 12.5.3. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the vmware-vmx process when loading dynamic link library (DLL) files due to searching an insecure path, which was defined in a local environment variable. A local attacker can exploit this, via a specially crafted file injected into the path, to execute arbitrary code with SYSTEM privileges on the host. (CVE-2017-4898) - An out-of-bounds read error exists in the SVGA driver due to improper validation of certain input. A local attacker can exploit this within a VM to crash it or to disclose sensitive memory contents. (CVE-2017-4899) - A NULL pointer dereference flaw exists in the SVGA driver due to improper validation of certain input. A local attacker can exploit this within a VM to crash it. (CVE-2017-4900) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 97834 |
published | 2017-03-20 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/97834 |
title | VMware Workstation 12.x < 12.5.3 Multiple Vulnerabilities (VMSA-2017-0003) |