VYPR
Critical severity9.9NVD Advisory· Published Jun 8, 2017· Updated Jun 17, 2026

CVE-2017-4901

CVE-2017-4901

Description

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

20
  • VMware/Fusion11 versions
    cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*
    • (no CPE)range: 8.x prior to 8.5.5.
  • cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*
    • (no CPE)range: 12.x prior to 12.5.4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.