VMware Workstation and Fusion are prone to an local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
A local attacker can leverage this issue to execute arbitrary code on the host. Failed attempts may lead to denial-of-service conditions.
Information
VMWare Workstation 14.1.4
VMWare Workstation 14.1.3
VMWare Workstation 14.1.1
VMWare Workstation 14.1
VMWare Workstation 15.0
VMWare Workstation 14.1.2
VMWare Workstation 14.0
VMWare Fusion 11.0.1
VMWare Fusion 10.1.4
VMWare Fusion 10.1.3
VMWare Fusion 10.1.2
VMWare Fusion 10.1.1
VMWare Fusion 11.0
VMWare Fusion 10.1
VMWare Fusion 10.0
VMWare Workstation 14.1.5
VMWare Fusion 11.0.2
VMWare Fusion 10.1.5
Exploit
Exploitation of this issue was demonstrated at the Pwn contest, but the exploit is not publicly available.
References: