Vulnerability Details : CVE-2016-7083
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-7083
Probability of exploitation activity in the next 30 days: 0.12%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 45 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-7083
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.9
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:C |
3.4
|
8.5
|
NIST |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
1.1
|
6.0
|
NIST |
CWE ids for CVE-2016-7083
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7083
-
http://www.securitytracker.com/id/1036805
VMware Workstation/Player Flaws Let Local Guest System Users Gain Elevated Privileges on the Host System - SecurityTracker
-
https://www.exploit-db.com/exploits/40398/
VMware Workstation - 'vprintproxy.exe' TrueType NAME Tables Heap Buffer Overflow (PoC)
-
http://www.securityfocus.com/bid/92934
Multiple VMware Workstation Products Multiple Memory Corruption VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.vmware.com/security/advisories/VMSA-2016-0014.html
VMSA-2016-0014.1Vendor Advisory
Products affected by CVE-2016-7083
- cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation_player:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation_player:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation_player:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation_player:12.0.1:*:*:*:*:*:*:*