CVE-2016-2077

VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id/1035900
http://www.vmware.com/security/advisories/VMSA-2016-0005.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:vmware:player:7.0:::::::*
	cpe:2.3:a:vmware:player:7.1:::::::*
	cpe:2.3:a:vmware:player:7.1.1:::::::*
	cpe:2.3:a:vmware:player:7.1.2:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:vmware:workstation:11.0:::::::*
	cpe:2.3:a:vmware:workstation:11.1:::::::*
	cpe:2.3:a:vmware:workstation:11.1.1:::::::*
	cpe:2.3:a:vmware:workstation:11.1.2:::::::*

History

No history.

Information

Published : 2016-05-18 14:59

Updated : 2016-12-01 03:08

NVD link : CVE-2016-2077

Mitre link : CVE-2016-2077

CVE.ORG link : CVE-2016-2077

JSON object : View

Products Affected

vmware

player
workstation

microsoft

windows

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2016-2077", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-05-18T14:59:04.427", "references": [{"url": "http://www.securitytracker.com/id/1035900", "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2016-0005.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors."}, {"lang": "es", "value": "VMware Workstation 11.x en versiones anteriores a 11.1.3 y VMwaere Player 7.x en versiones anteriores a 7.1.3 en Windows acceden incorrectamente a un archivo ejecutable, lo que permite a los usuarios del SO anfitri\u00f3n obtener los privilegios del anfitri\u00f3n del sistema operativo a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-12-01T03:08:34.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93872771-BD86-4707-926B-F6C3577C33A4"}, {"criteria": "cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B52D8903-B853-43A2-88C3-D79BBA70F8CA"}, {"criteria": "cpe:2.3:a:vmware:player:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78016ED4-AEA7-4E54-8986-E997000CD646"}, {"criteria": "cpe:2.3:a:vmware:player:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC7D0356-0C56-413C-B626-B3DF8275F53D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "492D7AD2-D660-48F5-A9BE-28CCA6A6B658"}, {"criteria": "cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90F0250C-EE18-486B-90D7-348FEF01C2D3"}, {"criteria": "cpe:2.3:a:vmware:workstation:11.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E33E15C-62ED-4E24-AB00-0632C8A90C6E"}, {"criteria": "cpe:2.3:a:vmware:workstation:11.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C761DD95-A3CC-4998-B2F2-93F429BDF250"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}