CVE-2017-4898
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/06/2017
Last modified:
20/04/2025
Description
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_player:12.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_player:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_player:12.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_player:12.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_player:12.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page