R0 CREW

Analyzing a Patch of a Virtual Machine Escape on VMware

The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. On Workstation Pro and Fusion, the issue cannot be exploited if both the drag-and-drop function and the copy-and-paste (C&P) function are disabled.

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-patch-of-a-virtual-machine-escape-on-vmware/