Buffer overflow in Microsoft Windows
CVE-2016-7461
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the hos…
Vulnerability class: Buffer Overflow
EPSS: 0.002 (36.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Microsoft Windows
- Vmware Fusion — versions 8.0.0, 8.0.1, 8.0.2
- Vmware Fusion_pro — versions 8.0.0, 8.0.1, 8.0.2
- Vmware Workstation_player — versions 12.0.0, 12.0.1, 12.1.0
- Vmware Workstation_pro — versions 12.0.0, 12.0.1, 12.1.0
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 94280 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- security@vmware.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
- 1037282 (vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2016-7461?
- CVE-2016-7461 is a high-severity vulnerability in Microsoft Windows, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 8.8/10. Published 2016-12-29.
- How severe is CVE-2016-7461?
- High severity. CVSS v3 base score is 8.8 out of 10.
- Is CVE-2016-7461 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.