a. VMware Workstation DLL loading vulnerability
VMware Workstation Pro/Player contains a DLL loading vulnerability: the “vmware-vmx” process loads DLLs from a path defined in a local environment variable. Successful exploitation of this issue may allow normal users to escalate privileges to System on the host machine where VMware Workstation is installed.
VMware would like to thank Ivil for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4898 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4898
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4899
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4900
kb.vmware.com/kb/2078735
lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
www.vmware.com/security/advisories
twitter.com/VMwareSRC
www.vmware.com/go/downloadplayer
www.vmware.com/go/downloadworkstation
www.vmware.com/support/policies/lifecycle.html
www.vmware.com/support/policies/security_response.html
www.vmware.com/support/pubs/player_pubs.html