Vulnerability CVE-2019-5526


Published: 2019-05-15

Description:
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
VMware Workstation DLL Hijacking
Miguel Mendez Z
17.05.2019

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://packetstormsecurity.com/files/152946/VMware-Workstation-DLL-Hijacking.html
http://www.securityfocus.com/bid/108333
https://www.vmware.com/security/advisories/VMSA-2019-0007.html

Copyright 2019, cxsecurity.com

 

Back to Top