Advisory Details

This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability.

The specific flaw exists within the ghi.guest.trayIcon.update RPC function. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the guest OS.

• 2018-04-17 - Vulnerability reported to vendor
• 2018-05-24 - Coordinated public release of advisory
• 2018-05-24 - Advisory Updated