Multiple VMware Products CVE-2019-5518 Out of Bounds Read Write Local Code Execution Vulnerability

Multiple VMware products are prone to a local code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.

Information

Bugtraq ID: 107541
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Mar 21 2019 12:00AM
Updated: Mar 21 2019 12:00AM
Credit: Fluoroacetate duo of Amat Cama and Richard Zhu
Vulnerable: VMWare Workstation 0

Not Vulnerable:

Exploit

Exploitation of this issue was demonstrated at the Pwn2own contest, but the exploit is not publicly available.

References:

VMware Homepage (VMware)
Pwn2Own Vancouver 2019: Day Two Results (thezdi.com)
VMSA-2019-0005: VMware ESXi, Workstation and Fusion updates address multiple sec (VMWare)

Source: www.securityfocus.com

Exploit Collector

Search Exploit