VYPR
← All advisories
Medium severity6.3NVD Advisory· Published Jan 9, 2016· Updated May 6, 2026

CVE-2015-6933

CVE-2015-6933

Description

VMware Tools HGFS (Shared Folders) on Windows guests has a kernel memory corruption vulnerability allowing guest privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

VMware Tools HGFS (Shared Folders) on Windows guests has a kernel memory corruption vulnerability allowing guest privilege escalation.

Vulnerability

The vulnerability is a kernel memory corruption in the VMware Tools HGFS (Shared Folders) feature running on Microsoft Windows guest operating systems. Affected versions include VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0. The issue resides in the HGFS implementation and can be triggered by an authenticated user within the guest OS. [1]

Exploitation

An attacker with user-level access to a Windows guest OS can exploit this vulnerability by leveraging unspecified vectors. No network access or additional authentication beyond guest OS credentials is required. The exploitation occurs locally within the guest environment, targeting the kernel memory corruption in the Shared Folders feature. [1]

Impact

Successful exploitation allows the attacker to escalate privileges within the guest operating system, potentially gaining kernel-level access. This could also lead to a denial of service condition through guest OS kernel memory corruption. Importantly, the vulnerability does not enable escape from the guest to the host; host memory remains unaffected. [1]

Mitigation

Fixed versions are available: VMware Workstation 11.1.2, Player 7.1.2, Fusion 7.1.2, and ESXi 6.0 with patch ESXi600-201601102-SG, ESXi 5.5 with patch ESXi550-201512102-SG, ESXi 5.1 with patch ESXi510-201510102-SG, and ESXi 5.0 with patch ESXi500-201510102-SG. As a workaround, removing the Shared Folders (HGFS) feature from previously installed VMware Tools eliminates the attack vector. [1]

References
  1. Support Content Notification - Support Portal - Broadcom support portal

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

20
  • VMware/Fusion4 versions
    cpe:2.3:a:vmware:fusion:7.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:vmware:fusion:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:7.1.1:*:*:*:*:*:*:*
    • (no CPE)range: <7.1.2
  • VMware/Player4 versions
    cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:player:7.1.1:*:*:*:*:*:*:*
    • (no CPE)range: <7.1.2
  • VMware/Workstation4 versions
    cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:11.1.1:*:*:*:*:*:*:*
    • (no CPE)range: <11.1.2
  • VMware/Esxi8 versions
    cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*
    • (no CPE)range: 5.0 through 6.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.