Allele Security Alert
ASA-2019-00137, CVE-2019-5511, VMSA-2019-0002
The creation of the VMX process on a Windows host can be hijacked leading to elevation of privilege
VMware Workstation Pro
VMware Workstation Player
VMware Workstation Pro 15.x for Windows
VMware Workstation Pro 14.x for Windows
VMware Workstation Player 15.x for Windows
VMware Workstation Player 14.x for Windows
VMware Workstation Pro 15.0.3
VMware Workstation Pro 14.1.6
VMware Workstation Player 15.0.3
VMware Workstation Player 14.1.6
Proof of concept
Workstation does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.
James Forshaw (Google Project Zero)
NEW: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues.
[Security-announce] NEW: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues.
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: March 15, 2019