There is a VMware Workstation update that addresses elevation of privilege issues and a Horizon fix to handle an information disclosure hole.

The holes in VMware Workstation Pro/Player (Workstation) are labeled CVE-2019-5511 and CVE-2019-5512.

The creation of the VMX process on a Windows host can be hijacked, leading to elevation of privilege.

In CVE-2019-5511, Workstation does not handle paths appropriately, officials said. Successful exploitation of this issue, discovered by James Forshaw of Google Project Zero, may allow a non-administrator to hijack the path to the VMX executable on a Windows host, leading to elevation of privilege.

In CVE-2019-5512, VMware Workstation COM classes used by the VMX process on a Windows host can be hijacked, leading to elevation of privilege.

In this case COM classes are not handled appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process on a Windows host.

Click here to download the new version of VMware Workstation Pro 14.1.6, 15.0.3.

Click here to download the latest version of VMware Workstation Player 14.1.6, 15.0.3.

In the meantime, the Horizon update addresses a Connection Server information disclosure vulnerability. Successful exploitation may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address. Cory Mathews of Critical Start and HD Moore of Atredis Partners discovered the issue, labeled CVE-2019-5513.

Click here to download VMware Horizon 7 version 7.8.

Click here to download VMware Horizon 7 version 7.5.2.

Click here to download VMware Horizon 6 version 6.2.8.
