U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 13 matching records.
Displaying matches 1 through 13.
Vuln ID Summary CVSS Severity
CVE-2017-4950

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.

Published: January 11, 2018; 9:29:00 AM -0500
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-4949

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.

Published: January 11, 2018; 9:29:00 AM -0500
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-4948

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Published: January 05, 2018; 9:29:10 AM -0500
V3.0: 7.1 HIGH
V2.0: 6.6 MEDIUM
CVE-2017-4945

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.

Published: January 05, 2018; 9:29:10 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Published: January 04, 2018; 8:29:00 AM -0500
V3.1: 5.6 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2017-4941

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

Published: December 20, 2017; 10:29:00 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.0 MEDIUM
CVE-2017-4939

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

Published: November 17, 2017; 4:29:00 PM -0500
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-4938

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Published: November 17, 2017; 9:29:00 AM -0500
V3.0: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-4937

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

Published: November 17, 2017; 9:29:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-4936

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.

Published: November 17, 2017; 9:29:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-4935

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

Published: November 17, 2017; 9:29:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-4934

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

Published: November 17, 2017; 9:29:00 AM -0500
V3.0: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-4925

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Published: September 15, 2017; 9:29:00 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW