The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
2017-06-08T13:29:00.187
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 9.9 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | fusion | 8.0.0 | Yes |
| Application | vmware | fusion | 8.0.1 | Yes |
| Application | vmware | fusion | 8.0.2 | Yes |
| Application | vmware | fusion | 8.1.0 | Yes |
| Application | vmware | fusion | 8.1.1 | Yes |
| Application | vmware | fusion | 8.5.0 | Yes |
| Application | vmware | fusion | 8.5.1 | Yes |
| Application | vmware | fusion | 8.5.2 | Yes |
| Application | vmware | fusion | 8.5.3 | Yes |
| Application | vmware | fusion | 8.5.4 | Yes |
| Application | vmware | workstation | 12.0 | Yes |
| Application | vmware | workstation | 12.0.1 | Yes |
| Application | vmware | workstation | 12.1 | Yes |
| Application | vmware | workstation | 12.1.1 | Yes |
| Application | vmware | workstation | 12.5 | Yes |
| Application | vmware | workstation | 12.5.1 | Yes |
| Application | vmware | workstation | 12.5.2 | Yes |
| Application | vmware | workstation | 12.5.3 | Yes |