Vulnerability category: Local
Vulnerability severity:
Vulnerability information
VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems.
A local user on the guest system can trigger a heap overflow in SVGA to execute arbitrary code on the host system [CVE-2017-4902].
A local user on the guest system can trigger an uninitialized stack memory usage error in SVGA to execute arbitrary code on the host system [CVE-2017-4903].
A local user on the guest system can trigger an uninitialized stack memory usage error in the XHCI controller to execute arbitrary code on the host system [CVE-2017-4904].
A local user on the guest system can trigger an uninitialized memory usage error to obtain potentially sensitive information on the host system [CVE-2017-4905].
Affected Versions:
VMware Fusion prior to 8.5.6
VMware Workstation prior to 12.5.5
Vulnerability impact
A local user on the guest system can gain elevated privileges on the host system.
A local user on the guest system can obtain potentially sensitive information on the host system.
Solution
The vendor has issued a fix (Fusion 8.5.6, Workstation 12.5.5).
Refer to VMSA-2017-0006 for further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities: