← Back

CVE-2017-4939

nvd nist
Published: Nov 17, 2017Modified: May 13, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

Affected (11)

Products: Vmware: Workstation
Vmware
1 product
Workstation
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Vmware
Workstation
Version 12.0.0
Workstation
Version 12.0.1
Workstation
Version 12.1.1
Workstation
Version 12.5.0
Workstation
Version 12.5.1
Workstation
Version 12.5.2
Workstation
Version 12.5.3
Workstation
Version 12.5.4
Workstation
Version 12.5.5
Workstation
Version 12.5.6
Workstation
Version 12.5.7

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (4)

Source: security@vmware.com
Third Party AdvisoryVDB Entry
Source: security@vmware.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.