Test ID:	1.3.6.1.4.1.25623.1.0.107210
Category:	Privilege escalation
Title:	Multiple VMware Workstation Products DLL Loading Local Privilege Escalation Vulnerability - Linux
Summary:	VMware Workstation and Horizon View Client are prone to a remote; code execution (RCE) vulnerability (Windows).
Description:	Summary: VMware Workstation and Horizon View Client are prone to a remote code execution (RCE) vulnerability (Windows). Vulnerability Insight: VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine. Vulnerability Impact: Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Affected Software/OS: 12.5.6 Solution: Update to VMWare Workstation Player 12.5.6. Please see the references or vendor advisory for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-4915 BugTraq ID: 98566 http://www.securityfocus.com/bid/98566 https://www.exploit-db.com/exploits/42045/ http://www.securitytracker.com/id/1038525 Common Vulnerability Exposure (CVE) ID: CVE-2017-4916 BugTraq ID: 98560 http://www.securityfocus.com/bid/98560 https://www.exploit-db.com/exploits/42140/ http://www.securitytracker.com/id/1038526
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.