CVE-2016-2077

moderate-risk

Published 2016-05-18

VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

Do I need to act?

0.55% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (8)

Player

Workstation

Player

Workstation

Affected Vendors

Vmware

References (4)

http://www.securitytracker.com/id/1035900

Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2016-0005.html

http://www.securitytracker.com/id/1035900

Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2016-0005.html

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 14/34 · Moderate