VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
2017-06-07T18:29:00.210
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 8.8 (HIGH)
AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | workstation_player | 12.0.0 | Yes |
| Application | vmware | workstation_player | 12.0.1 | Yes |
| Application | vmware | workstation_player | 12.1.0 | Yes |
| Application | vmware | workstation_player | 12.5.0 | Yes |
| Application | vmware | workstation_player | 12.5.1 | Yes |
| Application | vmware | workstation_player | 12.5.2 | Yes |
| Application | vmware | workstation_pro | 12.0.0 | Yes |
| Application | vmware | workstation_pro | 12.0.1 | Yes |
| Application | vmware | workstation_pro | 12.1.0 | Yes |
| Application | vmware | workstation_pro | 12.5.0 | Yes |
| Application | vmware | workstation_pro | 12.5.1 | Yes |
| Application | vmware | workstation_pro | 12.5.2 | Yes |