Total vulnerabilities in the database
vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread.
| Software | From | Fixed in |
|---|---|---|
| vmware / player | 6.0 | 6.0.x |
| vmware / player | 7.1 | 7.1.x |
| vmware / player | 5.0.2 | 5.0.2.x |
| vmware / player | 5.0.3 | 5.0.3.x |
| vmware / player | 5.0.1 | 5.0.1.x |
| vmware / player | 6.0.6 | 6.0.6.x |
| vmware / player | 5.0.4 | 5.0.4.x |
| vmware / player | 5.0 | 5.0.x |
| vmware / player | 6.0.4 | 6.0.4.x |
| vmware / player | 7.0 | 7.0.x |
| vmware / player | 6.0.2 | 6.0.2.x |
| vmware / player | 6.0.3 | 6.0.3.x |
| vmware / player | 6.0.5 | 6.0.5.x |
| vmware / player | 6.0.1 | 6.0.1.x |
| vmware / workstation | 10.0.4 | 10.0.4.x |
| vmware / workstation | 10.0.3 | 10.0.3.x |
| vmware / workstation | 10.0 | 10.0.x |
| vmware / workstation | 10.0.2 | 10.0.2.x |
| vmware / workstation | 10.0.6 | 10.0.6.x |
| vmware / workstation | 11.0 | 11.0.x |
| vmware / workstation | 10.0.1 | 10.0.1.x |
| vmware / workstation | 10.0.5 | 10.0.5.x |
| vmware / workstation | 11.1 | 11.1.x |
| vmware / horizon_view_client | 5.4.1 | 5.4.1.x |
| vmware / horizon_view_client | 5.4 | 5.4.x |