CVE-2016-7461 - Vulnerability Details

Vendors	Products
Microsoft	Windows
Vmware	Fusion Fusion Pro Workstation Player Workstation Pro

Link	Providers
http://www.securityfocus.com/bid/94280
http://www.securitytracker.com/id/1037282
http://www.vmware.com/security/advisories/VMSA-2016-0019.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-27T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"name": "94280", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94280"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"}, {"name": "1037282", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037282"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2016-7461", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "94280", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94280"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"}, {"name": "1037282", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037282"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:57:47.638Z"}, "title": "CVE Program Container", "references": [{"name": "94280", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94280"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"}, {"name": "1037282", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037282"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2016-7461", "datePublished": "2016-12-29T09:02:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.638Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-11-13T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-07-27T09:57:01 (string)

orgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

shortName : vmware (string)

}

references : [ »

0 : { »

name : 94280 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/94280 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2016-0019.html (string)

}

2 : { »

name : 1037282 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1037282 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@vmware.com (string)

ID : CVE-2016-7461 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 94280 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/94280 (string)

}

1 : { »

name : http://www.vmware.com/security/advisories/VMSA-2016-0019.html (string)

refsource : CONFIRM (string)

url : http://www.vmware.com/security/advisories/VMSA-2016-0019.html (string)

}

2 : { »

name : 1037282 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1037282 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T01:57:47.638Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 94280 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/94280 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2016-0019.html (string)

}

2 : { »

name : 1037282 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1037282 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

assignerShortName : vmware (string)

cveId : CVE-2016-7461 (string)

datePublished : 2016-12-29T09:02:00 (string)

dateReserved : 2016-09-09T00:00:00 (string)

dateUpdated : 2024-08-06T01:57:47.638Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "25BBD4C7-C851-4D40-B6DD-92873319CD28", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "20453B9E-D3AD-403F-B1A5-FB3300FBB0C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6759F732-8E65-49F7-B46C-B1E3F856B11D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDD345B3-810C-41D1-82CE-0CA0B4B1F5DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D91C182F-A8D2-4ABF-B202-261056EF93D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "768A4D3B-CC19-4A3A-91D5-9C974F7F0247", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0C5D443-A330-40DF-939B-10597147CE7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion_pro:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C5E09EA3-24E4-43A2-8AE7-6844A6F8F73A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion_pro:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62099A3-2331-4F1E-A994-D3CCE2B7171C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion_pro:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "12BA4C61-5604-4354-BD84-CE275EFA8442", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion_pro:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C90A36A-1FA7-45BB-937E-F7A5FD0914A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion_pro:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C384CC3F-EC56-4AA5-835B-ECCCDE2EC17E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion_pro:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "20A7D995-BB46-4464-9E82-D836EDE72DCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion_pro:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DEB7D35F-6BF1-4076-ABA3-B580CE69D922", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ABE47D4-506C-4132-829B-19A61ED35F4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_player:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "67CDB0AC-25B6-4397-9784-386C81C37352", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_player:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C48608C8-B7A6-47DD-8C78-44EB2B0D6C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_player:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1787E49C-19A5-428D-9BEA-5500B3DD60F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E1D4E53-DEB3-4143-B619-4431DB47341F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_player:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C83B3D50-43FF-4034-9C75-F44939D60378", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3E8337D-BC36-4910-A998-309D277D008C", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E91FE31-B442-4EE3-A415-D635A5CCA6C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C67B92FB-CE89-479D-97DF-237C77BF307B", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F44F5FBF-DD1D-41F8-A1EC-9720DBC89008", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8A83855-1411-4CA8-A005-5AA58D1CB32A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "3516D484-83AF-470E-9E9A-AFE3BBE4F75D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors."}, {"lang": "es", "value": "La funci\u00f3n de arrastrar y soltar (tambi\u00e9n conocida como DnD) en VMware Workstation Pro 12.x en versiones anteriores a 12.5.2 y VMware Workstation Player 12.x en versiones anteriores a 12.5.2 y VMware Fusion y Fusion Pro 8.x en versiones anteriores a 8.5.2 permite a usuarios invitados de SO ejecutar c\u00f3digo arbitrario en el SO anfitri\u00f3n o provocar una denegaci\u00f3n de servicio (acceso a memoria fuera de l\u00edmites en el SO anfitri\u00f3n) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2016-7461", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-29T09:59:00.697", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94280"}, {"source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1037282"}, {"source": "security@vmware.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94280"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0019.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 25BBD4C7-C851-4D40-B6DD-92873319CD28 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 20453B9E-D3AD-403F-B1A5-FB3300FBB0C0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 6759F732-8E65-49F7-B46C-B1E3F856B11D (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : DDD345B3-810C-41D1-82CE-0CA0B4B1F5DF (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D91C182F-A8D2-4ABF-B202-261056EF93D1 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 768A4D3B-CC19-4A3A-91D5-9C974F7F0247 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A0C5D443-A330-40DF-939B-10597147CE7A (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:vmware:fusion_pro:8.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C5E09EA3-24E4-43A2-8AE7-6844A6F8F73A (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:vmware:fusion_pro:8.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F62099A3-2331-4F1E-A994-D3CCE2B7171C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:vmware:fusion_pro:8.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 12BA4C61-5604-4354-BD84-CE275EFA8442 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:vmware:fusion_pro:8.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C90A36A-1FA7-45BB-937E-F7A5FD0914A3 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:vmware:fusion_pro:8.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C384CC3F-EC56-4AA5-835B-ECCCDE2EC17E (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:vmware:fusion_pro:8.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 20A7D995-BB46-4464-9E82-D836EDE72DCB (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:vmware:fusion_pro:8.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : DEB7D35F-6BF1-4076-ABA3-B580CE69D922 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8ABE47D4-506C-4132-829B-19A61ED35F4A (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:vmware:workstation_player:12.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 67CDB0AC-25B6-4397-9784-386C81C37352 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:vmware:workstation_player:12.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C48608C8-B7A6-47DD-8C78-44EB2B0D6C0C (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:vmware:workstation_player:12.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1787E49C-19A5-428D-9BEA-5500B3DD60F8 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:vmware:workstation_player:12.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8E1D4E53-DEB3-4143-B619-4431DB47341F (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:vmware:workstation_player:12.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C83B3D50-43FF-4034-9C75-F44939D60378 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E3E8337D-BC36-4910-A998-309D277D008C (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E91FE31-B442-4EE3-A415-D635A5CCA6C2 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C67B92FB-CE89-479D-97DF-237C77BF307B (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F44F5FBF-DD1D-41F8-A1EC-9720DBC89008 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B8A83855-1411-4CA8-A005-5AA58D1CB32A (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3516D484-83AF-470E-9E9A-AFE3BBE4F75D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2CF61F35-5905-4BA9-AD7E-7DB261D2F256 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : La función de arrastrar y soltar (también conocida como DnD) en VMware Workstation Pro 12.x en versiones anteriores a 12.5.2 y VMware Workstation Player 12.x en versiones anteriores a 12.5.2 y VMware Fusion y Fusion Pro 8.x en versiones anteriores a 8.5.2 permite a usuarios invitados de SO ejecutar código arbitrario en el SO anfitrión o provocar una denegación de servicio (acceso a memoria fuera de límites en el SO anfitrión) a través de vectores no especificados. (string)

}

]

id : CVE-2016-7461 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.2 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:L/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2 (number)

impactScore : 6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-12-29T09:59:00.697 (string)

references : [ »

0 : { »

source : security@vmware.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94280 (string)

}

1 : { »

source : security@vmware.com (string)

url : http://www.securitytracker.com/id/1037282 (string)

}

2 : { »

source : security@vmware.com (string)

tags : [ »

0 : Mitigation (string)

1 : Vendor Advisory (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2016-0019.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94280 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1037282 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mitigation (string)

1 : Vendor Advisory (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2016-0019.html (string)

}

]

sourceIdentifier : security@vmware.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object