漏洞类别:Local
漏洞等级: 
漏洞信息
VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems.
A local user on a Windows guest system can trigger a heap overflow in Cortado ThinPrint to execute arbitrary code on the Windows host system running VMware Workstation [CVE-2016-7081]. Systems with virtual printing enabled are affected.
A local user on a Windows guest system can trigger a memory corruption error in Cortado ThinPrint ('tpview.dll') in the processing of EMF files [CVE-2016-7082], TrueType fonts embedded in EMFSPOOL [CVE-2016-7083], and JPEG2000 images [CVE-2016-7084] to execute arbitrary code on the Windows host system running VMware Workstation. Systems with virtual printing enabled are affected.
A local user on the host system can exploit a DLL hijacking flaw to execute arbitrary code on the host system [CVE-2016-7085].
Affected Version
VMware Workstation Pro 12.x.x before 12.5,
VMware Workstation Player 12.x.x before 12.5
漏洞危害
A local user on the guest system can gain elevated privileges on the host system.
A local user on the host system can obtain elevated privileges on the host system.
解决方案
The vendor has issued a fix (Workstation Pro 12.5.0, Player 12.5.0).
Refer to VMSA-2016-0014 for further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论