What is CVE-2016-2077?

CVE-2016-2077 is a critical-severity vulnerability in Microsoft Windows, classified under CWE-264. CVSS score: 9.8/10. Published 2016-05-18.

How severe is CVE-2016-2077?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Microsoft Windows

CVE-2016-2077

VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

EPSS: 0.006 (68.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Microsoft Windows
Vmware Player — versions 7.0, 7.1, 7.1.1
Vmware Workstation — versions 11.0, 11.1, 11.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

1035900 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-2077?: CVE-2016-2077 is a critical-severity vulnerability in Microsoft Windows, classified under CWE-264. CVSS score: 9.8/10. Published 2016-05-18.
How severe is CVE-2016-2077?: Critical severity. CVSS v3 base score is 9.8 out of 10.