| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.6 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in VMware Workstation and Fusion. The impacted element is an unknown function of the component Drag/Drop. Performing a manipulation results in memory corruption. This vulnerability is reported as CVE-2017-4901. The attack requires a local approach. Moreover, an exploit is present. It is recommended to upgrade the affected component.
Details
A vulnerability classified as critical has been found in VMware Workstation and Fusion (Virtualization Software) (version now known). This affects some unknown processing of the component Drag/Drop. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
The bug was discovered 03/14/2017. The weakness was disclosed 06/08/2017 (Website). It is possible to read the advisory at vmware.com. This vulnerability is uniquely identified as CVE-2017-4901 since 12/26/2016. Attacking locally is a requirement. Required for exploitation is a authentication. Technical details are unknown but a public exploit is available.
A public exploit has been developed by unamer in C++ and been published 2 months after the advisory. The exploit is shared for download at github.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 97939 (VMware Fusion 8.x < 8.5.5 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005) (macOS)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family MacOS X Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 370340 (VMware Workstation Pro, VMware Workstation Player and VMware Fusion Out-of-Bounds Memory Access Vulnerability (VMSA-2017-0005)).
Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Exploit-DB (47714), Tenable (97939) and SecurityFocus (BID 96881†). Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.6VulDB Meta Temp Score: 9.1
VulDB Base Score: 9.3
VulDB Temp Score: 8.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.9
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: unamer
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 97939
Nessus Name: VMware Fusion 8.x < 8.5.5 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005) (macOS)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 801027
OpenVAS Name: VMware Fusion Memory Corruption Vulnerability-VMSA-2017-0005 (Mac OS X)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Timeline
12/26/2016 🔍03/14/2017 🔍
03/14/2017 🔍
03/14/2017 🔍
03/24/2017 🔍
06/08/2017 🔍
06/08/2017 🔍
06/08/2017 🔍
07/22/2017 🔍
12/26/2020 🔍
Sources
Vendor: vmware.comAdvisory: vmware.com
Status: Not defined
Confirmation: 🔍
CVE: CVE-2017-4901 (🔍)
GCVE (CVE): GCVE-0-2017-4901
GCVE (VulDB): GCVE-100-102087
SecurityFocus: 96881 - Multiple VMware Products CVE-2017-4901 Memory Corruption Vulnerability
SecurityTracker: 1038025
scip Labs: https://www.scip.ch/en/?labs.20060413
Entry
Created: 06/08/2017 20:21Updated: 12/26/2020 13:36
Changes: 06/08/2017 20:21 (72), 11/27/2019 06:39 (12), 12/26/2020 13:36 (5)
Complete: 🔍
Committer: misc
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.