vulnerability

VMware Fusion: VMware Workstation and Fusion updates address out-of-bounds memory access vulnerability (VMSA-2017-0005) (CVE-2017-4901)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Mar 15, 2017	Mar 15, 2017	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Mar 15, 2017

Added

Mar 15, 2017

Modified

Mar 27, 2026

Description

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

Solution

vmware-fusion-upgrade-8_5_5

References

CVE-2017-4901
https://attackerkb.com/topics/CVE-2017-4901
CWE-119
EUVD-EUVD-2017-14018
http://www.vmware.com/security/advisories/VMSA-2017-0005.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-14018

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report