Home

CVE-2017-4901

Description

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

Risk Information

Base Score
9.9
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
12.245

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.0.0Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.0.1Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.0.2Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.1.0Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.1.1Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.0Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.1Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.2Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.3Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.4Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160VMware Fusion for MAC 13.0.2 (Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234