漏洞类别:Local
漏洞等级: 
漏洞信息
VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems.
VMware Workstation update addresses multiple security issues
A local user on the guest system can create a specially crafted JPEG2000 [CVE-2017-4908] or TrueType Font [CVE-2017-4909] file that, when printed, will trigger a heap overflow in Cortado ThinPrint (TPView.dll) and cause denial of service conditions or execute arbitrary code on the host Windows operating system that is running Workstation.
A local user on the guest system can create a specially crafted JPEG2000 [CVE-2017-4910, CVE-2017-4911] or TrueType Font [CVE-2017-4912] file that, when printed, will trigger an out-of-bounds memory access error in Cortado ThinPrint (TPView.dll) and cause denial of service conditions or execute arbitrary code on the host Windows operating system that is running Workstation.
漏洞危害
A local user on the guest system can cause denial of service conditions on the host system.
A local user on the guest system can gain elevated privileges on the host system.
解决方案
The vendor has issued a fix (12.5.3). For more details refer this advisory VMSA-2017-0008
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论