CVE-2017-4916 - OpenCVE

VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Vmware	Workstation Player Workstation Pro

Configuration 1 [-]

AND

OR	cpe:2.3:a:vmware:workstation_player:12.0.0:::::::*
	cpe:2.3:a:vmware:workstation_pro:12.0.0:::::::*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/98560
http://www.securitytracker.com/id/1038526
https://www.exploit-db.com/exploits/42140/
https://www.vmware.com/security/advisories/VMSA-2017-0009.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2017-05-22T14:00:00

Updated: 2024-08-05T14:47:42.914Z

Reserved: 2016-12-26T00:00:00

Link: CVE-2017-4916

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-22T14:29:00.230

Modified: 2017-08-13T01:29:21.037

Link: CVE-2017-4916

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Workstation Pro/Player", "vendor": "VMware", "versions": [{"status": "affected", "version": "All 12.x versions prior to version 12.5.6"}]}], "datePublic": "2017-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine."}], "problemTypes": [{"descriptions": [{"description": "NULL pointer dereference", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-12T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"name": "1038526", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038526"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"}, {"name": "98560", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98560"}, {"name": "42140", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42140/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4916", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Workstation Pro/Player", "version": {"version_data": [{"version_value": "All 12.x versions prior to version 12.5.6"}]}}]}, "vendor_name": "VMware"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "NULL pointer dereference"}]}]}, "references": {"reference_data": [{"name": "1038526", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038526"}, {"name": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"}, {"name": "98560", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98560"}, {"name": "42140", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42140/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:42.914Z"}, "title": "CVE Program Container", "references": [{"name": "1038526", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038526"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"}, {"name": "98560", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98560"}, {"name": "42140", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42140/"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4916", "datePublished": "2017-05-22T14:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:47:42.914Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ABE47D4-506C-4132-829B-19A61ED35F4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3E8337D-BC36-4910-A998-309D277D008C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine."}, {"lang": "es", "value": "Workstation Pro/Player de VMware, contiene una vulnerabilidad de desreferencia de un puntero NULL que se presenta en el controlador vstor2. La explotaci\u00f3n con \u00e9xito de este problema puede permitir a los usuarios del host con privilegios de usuario normal desencadenar una denegaci\u00f3n de servicio en una m\u00e1quina host de Windows."}], "id": "CVE-2017-4916", "lastModified": "2017-08-13T01:29:21.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-22T14:29:00.230", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98560"}, {"source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038526"}, {"source": "security@vmware.com", "url": "https://www.exploit-db.com/exploits/42140/"}, {"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0009.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}