The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
[
{
"product": "Workstation Pro/Player",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "12.x prior to 12.5.4"
}
]
},
{
"product": "Fusion Pro / Fusion",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "8.x prior to 8.5.5."
}
]
}
]