CVE-2016-7461

high

VMware

CVSS v3 Base Score

8.8

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.1%

Exploitation probability in 30 days

Top 70% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: December 29, 2016 (3424 days ago)

Last Modified: May 6, 2026

Vendor: VMware

Source: NVD

Description

The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors.

CWE

CWE-119

Affected Products

vmware fusionvmware fusion provmware workstation playervmware workstation pro

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.vmware.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com

CVE-2016-7461

Vulnerability Report

Description

CWE

Affected Products

References