Today VMware has released the following new security advisory:
VMSA-2017-0003 – VMware Workstation update addresses multiple security issues
The advisory documents an important severity DLL loading issue (CVE-2017-4898) and two moderate severity security issues (CVE-2017-4899 and CVE-2017-4900) in the SVGA driver of VMware Workstation Pro/Player. All versions of Workstation Pro/Player 12.x are affected.
Issue a is DLL hijacking issue that occurs due to the “vmware-vmx” process loading DLLs from a path defined in the local environment-variable and can be exploited to escalate privileges to System by normal users in the host machine where VMware Workstation is installed.
Issue b exists in the SVGA driver and can be triggered only when the host has no graphics card or no graphics drivers are installed. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read.
Issue c is a NULL pointer dereference vulnerability in SVGA driver and may allow attackers with normal user privileges to crash their VMs.
Workstation Pro/Player 12.5.3 fixes all these issues.
VMware would like to thank Ivil, Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent and Saar Amar (@AmarSaar) for reporting these issues to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.