VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Workstation | Vmware | 12.0.0 (including) | 12.0.0 (including) |
| Workstation | Vmware | 12.0.1 (including) | 12.0.1 (including) |
| Workstation | Vmware | 12.1 (including) | 12.1 (including) |
| Workstation | Vmware | 12.1.1 (including) | 12.1.1 (including) |
| Workstation | Vmware | 12.5 (including) | 12.5 (including) |
| Workstation | Vmware | 12.5.0 (including) | 12.5.0 (including) |
| Workstation | Vmware | 12.5.1 (including) | 12.5.1 (including) |
| Workstation | Vmware | 12.5.2 (including) | 12.5.2 (including) |
| Workstation | Vmware | 12.5.3 (including) | 12.5.3 (including) |
| Workstation | Vmware | 12.5.4 (including) | 12.5.4 (including) |
| Workstation | Vmware | 12.5.5 (including) | 12.5.5 (including) |
| Workstation | Vmware | 12.5.6 (including) | 12.5.6 (including) |
| Workstation | Vmware | 12.5.7 (including) | 12.5.7 (including) |
| Workstation | Vmware | 12.5.8 (including) | 12.5.8 (including) |
| Workstation | Vmware | 12.5.9 (including) | 12.5.9 (including) |
| Workstation | Vmware | 14.0 (including) | 14.0 (including) |
References
- http://www.securityfocus.com/bid/102441
- http://www.securitytracker.com/id/1040109
- http://www.securitytracker.com/id/1040136
- https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
- http://www.securityfocus.com/bid/102441
- http://www.securitytracker.com/id/1040109
- http://www.securitytracker.com/id/1040136
- https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html