CVE-2017-4916 - VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the v

CVE-2017-4916

Summary

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.

References

Vulnerable Configurations

cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-08-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:C

refmap via4

bid	98560
confirm	https://www.vmware.com/security/advisories/VMSA-2017-0009.html
exploit-db	42140
sectrack	1038526

Last major update

13-08-2017 - 01:29

Published

22-05-2017 - 14:29

Last modified

13-08-2017 - 01:29