cpe:/a:vmware:fusion:8.0.0 cpe:/a:vmware:fusion:8.0.1 cpe:/a:vmware:fusion:8.0.2 cpe:/a:vmware:fusion:8.1.0 cpe:/a:vmware:fusion:8.5.0 cpe:/a:vmware:fusion:8.5.1 cpe:/a:vmware:fusion:8.5.2 cpe:/a:vmware:fusion:8.5.3 cpe:/a:vmware:fusion:8.5.4 cpe:/a:vmware:fusion:8.5.5 cpe:/a:vmware:fusion:8.5.6 cpe:/a:vmware:fusion:8.5.7 cpe:/a:vmware:fusion:8.5.8 cpe:/a:vmware:fusion:10.0 cpe:/a:vmware:fusion:10.1.0 cpe:/a:vmware:workstation_pro:12.0.0 cpe:/a:vmware:workstation_pro:12.0.1 cpe:/a:vmware:workstation_pro:12.1.0 cpe:/a:vmware:workstation_pro:12.1.1 cpe:/a:vmware:workstation_pro:12.5.0 cpe:/a:vmware:workstation_pro:12.5.1 cpe:/a:vmware:workstation_pro:12.5.2 cpe:/a:vmware:workstation_pro:12.5.3 cpe:/a:vmware:workstation_pro:12.5.4 cpe:/a:vmware:workstation_pro:12.5.5 cpe:/a:vmware:workstation_pro:12.5.6 cpe:/a:vmware:workstation_pro:12.5.7 cpe:/a:vmware:workstation_pro:14.0 cpe:/a:vmware:workstation_pro:14.1.0 cpe:/o:vmware:esxi:5.5 cpe:/o:vmware:esxi:6.0 cpe:/o:vmware:esxi:6.5 CVE-2017-4933 2017-12-20T10:29:00.217-05:00 2018-01-11T14:29:46.333-05:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2018-01-08T17:31:59.170-05:00 SECTRACK 1040024 SECTRACK 1040025 CONFIRM https://www.vmware.com/security/advisories/VMSA-2017-0021.html VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.