VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.
2017-11-17T14:29:00.547
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 8.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | vmware | workstation | 12.0.0 | Yes |
| Application | vmware | workstation | 12.0.1 | Yes |
| Application | vmware | workstation | 12.1 | Yes |
| Application | vmware | workstation | 12.1.1 | Yes |
| Application | vmware | workstation | 12.5 | Yes |
| Application | vmware | workstation | 12.5.1 | Yes |
| Application | vmware | workstation | 12.5.2 | Yes |
| Application | vmware | workstation | 12.5.3 | Yes |
| Application | vmware | workstation | 12.5.4 | Yes |
| Application | vmware | workstation | 12.5.5 | Yes |
| Application | vmware | workstation | 12.5.6 | Yes |
| Application | vmware | workstation | 12.5.7 | Yes |
| Application | vmware | fusion | 8.0.0 | Yes |
| Application | vmware | fusion | 8.0.1 | Yes |
| Application | vmware | fusion | 8.0.2 | Yes |
| Application | vmware | fusion | 8.1.0 | Yes |
| Application | vmware | fusion | 8.1.1 | Yes |
| Application | vmware | fusion | 8.5.0 | Yes |
| Application | vmware | fusion | 8.5.1 | Yes |
| Application | vmware | fusion | 8.5.2 | Yes |
| Application | vmware | fusion | 8.5.3 | Yes |
| Application | vmware | fusion | 8.5.4 | Yes |
| Application | vmware | fusion | 8.5.5 | Yes |
| Application | vmware | fusion | 8.5.6 | Yes |
| Application | vmware | fusion | 8.5.7 | Yes |
| Application | vmware | fusion | 8.5.8 | Yes |