exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VMware Security Advisory 2016-0019

VMware Security Advisory 2016-0019
Posted Nov 14, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0019 - VMware Workstation and Fusion updates address a critical out-of-bounds memory access vulnerability.

tags | advisory
advisories | CVE-2016-7461
SHA-256 | 4dcb01dc71f4c3ef8e79650ea56bdb93fd311f72d9cedc07f0802b1354a0cfbd

VMware Security Advisory 2016-0019

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2016-0019
Severity: Critical
Synopsis: VMware Workstation and Fusion updates address critical
out-of-bounds memory access vulnerability
Issue date: 2016-11-13
Updated on: 2016-11-13 (Initial Advisory)
CVE number: CVE-2016-7461

1. Summary

VMware Workstation and Fusion updates address address critical
out-of-bounds memory access vulnerability.

2. Relevant Products

VMware Workstation Pro / Player
VMware Fusion Pro / Fusion

3. Problem Description

a. VMware Workstation and Fusion out-of-bounds memory access

The drag-and-drop (DnD) function in VMware Workstation and Fusion has
an out-of-bounds memory access vulnerability. This may allow a guest
to execute code on the operating system that runs Workstation or
Fusion.

Workaround
On Workstation Pro and Fusion, the issue cannot be exploited if both
the drag-and-drop function and the copy-and-paste (C&P) function are
disabled. Refer to the Reference section on documentation how to
disable these functions. This workaround is not available on
Workstation Player.

VMware would like to thank Qinghao Tang and Xinlei Ying from the
360 Marvel Team and lokihardt, all working with the organizers of
PwnFest for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-7461 to this issue.

Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware Product Running Replace with/ Mitigation
Product Version on Severity Apply patch Workaround
=========== ======== ======== ======== ============= ===========
Workstation 12.x Any Critical 12.5.2 Disable
Pro DnD and C&P

Workstation 12.x Any Critical 12.5.2 None
Player

Fusion Pro 8.x Mac OS X Critical 8.5.2 Disable
Fusion DnD and C&P

ESXi Any ESXi N/A Not affected N/A


4. Solution

Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.

VMware Workstation Pro 12.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://www.vmware.com/support/pubs/ws_pubs.html

VMware Workstation Player 12.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://www.vmware.com/support/pubs/player_pubs.html

VMware Fusion Pro / Fusion 8.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://www.vmware.com/support/pubs/fusion_pubs.html

5. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7461

Workaround documentation

Workstation Pro: Disabling drag-and-drop and copy-and-paste
functionality

http://pubs.vmware.com/workstation-12/topic/com.vmware.ICbase/PDF/workstati
on-pro-12-user-guide.pdf
(page 81 and 82)

Fusion: Disabling drag-and-drop and copy-and-paste functionality

http://pubs.vmware.com/fusion-8/topic/com.vmware.ICbase/PDF/fusion-8-user-g
uide.pdf
(page 135)

- ------------------------------------------------------------------------

6. Change log

2016-11-13 VMSA-2016-0019
Initial security advisory in conjunction with the release of VMware
Workstation Pro/Player 12.5.2 and VMware Fusion Pro, Fusion 8.5.2 on
2016-11-13.

- ------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC

Copyright 2016 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFYKV+RDEcm8Vbi9kMRArbcAJ9gO4MdeaIYECV3muh613FJ45ZYrACfSFgD
5VhdugdkxotCkv/4vGwyNqY=
=N8Vd
-----END PGP SIGNATURE-----?



Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close