What is the severity of CVE-2017-4902?

CVE-2017-4902 is classified as critical due to the potential for guest code execution on the host.

How do I fix CVE-2017-4902?

To fix CVE-2017-4902, you should apply the appropriate patches: ESXi650-201703410-SG for ESXi 6.5 and ESXi550-201703401-SG for ESXi 5.5.

What products are affected by CVE-2017-4902?

CVE-2017-4902 affects VMware ESXi versions 5.5 and 6.5, as well as VMware Workstation Pro/Player 12.x and Fusion Pro/Fusion 8.x prior to specified versions.

Can CVE-2017-4902 be exploited remotely?

Yes, CVE-2017-4902 can potentially be exploited remotely by a malicious guest to execute arbitrary code on the host system.

What type of vulnerability is CVE-2017-4902?

CVE-2017-4902 is a heap buffer overflow vulnerability in the SVGA component of VMware products.

Vulnerability/
CVE-2017-4902

high

8.8

CWE

119

7/6/2017

3/2/2022

CVE-2017-4902: Buffer Overflow

First published: Wed Jun 07 2017(Updated: )

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware Workstation Player	>=12.0.0<12.5.5
VMware Workstation Pro	>=12.0.0<12.5.5
VMware ESXi	=5.5
VMware ESXi	=5.5-1
VMware ESXi	=5.5-2
VMware ESXi	=5.5-3a
VMware ESXi	=5.5-3b
VMware ESXi	=6.5
VMware ESXi	=6.5-650-201701001
VMware ESXi	=6.5-650-201703001
VMware ESXi	=6.5-650-201703002
VMware Fusion Pro	>=8.0.0<8.5.6
VMware Fusion Pro	>=8.0.0<8.5.6
Apple iOS and macOS

Remedy

http://www.vmware.com/security/advisories/VMSA-2017-0006.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-4902?
CVE-2017-4902 is classified as critical due to the potential for guest code execution on the host.
How do I fix CVE-2017-4902?
To fix CVE-2017-4902, you should apply the appropriate patches: ESXi650-201703410-SG for ESXi 6.5 and ESXi550-201703401-SG for ESXi 5.5.
What products are affected by CVE-2017-4902?
CVE-2017-4902 affects VMware ESXi versions 5.5 and 6.5, as well as VMware Workstation Pro/Player 12.x and Fusion Pro/Fusion 8.x prior to specified versions.
Can CVE-2017-4902 be exploited remotely?
Yes, CVE-2017-4902 can potentially be exploited remotely by a malicious guest to execute arbitrary code on the host system.
What type of vulnerability is CVE-2017-4902?
CVE-2017-4902 is a heap buffer overflow vulnerability in the SVGA component of VMware products.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/description
agent/severity
agent/weakness
agent/remedy
agent/author
agent/event
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/vmware
canonical/vmware workstation player
version/vmware workstation player/12.0.0
canonical/vmware workstation pro
version/vmware workstation pro/12.0.0
canonical/vmware esxi
version/vmware esxi/5.5
version/vmware esxi/5.5-1
version/vmware esxi/5.5-2
version/vmware esxi/5.5-3a
version/vmware esxi/5.5-3b
version/vmware esxi/6.5
version/vmware esxi/6.5-650-201701001
version/vmware esxi/6.5-650-201703001
version/vmware esxi/6.5-650-201703002
canonical/vmware fusion pro
version/vmware fusion pro/8.0.0
vendor/apple
canonical/apple ios and macos

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.