Detections
Analytics

CVE-2016-5330

high

Description

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

References

http://www.vmware.com/security/advisories/VMSA-2016-0010.html

http://www.securitytracker.com/id/1036619

http://www.securitytracker.com/id/1036545

http://www.securitytracker.com/id/1036544

http://www.securityfocus.com/bid/92323

http://www.securityfocus.com/archive/1/539131/100/0/threaded

http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload

Details

Source: Mitre, NVD

Published: 2016-08-08

Updated: 2021-11-05

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High