What is CVE-2016-7085?

CVE-2016-7085 is a high-severity vulnerability in Microsoft Windows, classified under Untrusted Search Path. CVSS score: 7.8/10. Published 2016-12-29.

How severe is CVE-2016-7085?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Microsoft Windows

CVE-2016-7085

Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified di…

EPSS: 0.001 (34.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Microsoft Windows
Vmware Workstation_player — versions 12.0.0, 12.0.1, 12.1.0
Vmware Workstation_pro — versions 12.0.0, 12.0.1, 12.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
1036805 (vdb-entry, x_refsource_SECTRACK)
92940 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-7085?: CVE-2016-7085 is a high-severity vulnerability in Microsoft Windows, classified under Untrusted Search Path. CVSS score: 7.8/10. Published 2016-12-29.
How severe is CVE-2016-7085?: High severity. CVSS v3 base score is 7.8 out of 10.