CVE-2017-4915

Description

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.

Affected products

• VMware / Workstation Pro / PlayerAll 12.x versions prior to version 12.5.6 – All 12.x versions prior to version 12.5.6

References

• MISChttp://www.securityfocus.com/bid/98566
• VENDOR_ADVISORYhttps://www.vmware.com/security/advisories/VMSA-2017-0009.html
• MISChttp://www.securitytracker.com/id/1038525
• EXPLOIThttps://www.exploit-db.com/exploits/42045/