VMware Escape Exploit

vendor:

WorkStation

by:

unamer

9,9

CVSS

CRITICAL

Escape Exploit

119

CWE

Product Name: WorkStation

Affected Version From: VMware WorkStation 12.5.5 and before

Affected Version To: VMware WorkStation 12.5.2 build-4638234

Patch Exists: YES

Related CWE: CVE-2017-4901

CPE: a:vmware:workstation

Metasploit: https://www.rapid7.com/db/vulnerabilities/vmsa-2017-0005-cve-2017-4901-player/, https://www.rapid7.com/db/vulnerabilities/vmsa-2017-0005-cve-2017-4901-workstation/, https://www.rapid7.com/db/vulnerabilities/vmsa-2017-0005-cve-2017-4901-fusion/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win10 x64

2017

This exploit is related to VMware WorkStation 12.5.5 and before. It is a heap manipulation exploit which can cause host process crash. It is tested on Win10 x64 and VMware 12.5.2 build-4638234.

Mitigation:

Upgrade to the latest version of VMware WorkStation 12.5.5

Source

VMware Escape Exploit

Mitigation:

Exploit-DB raw data: