Allele Security Alert
ASA-2019-00138, CVE-2019-5512, VMSA-2019-0002
COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege
VMware Workstation Pro
VMware Workstation Player
VMware Workstation Pro 15.x for Windows
VMware Workstation Pro 14.x for Windows
VMware Workstation Player 15.x for Windows
VMware Workstation Player 14.x for Windows
VMware Workstation Pro 15.0.3
VMware Workstation Pro 14.1.6
VMware Workstation Player 15.0.3
VMware Workstation Player 14.1.6
Proof of concept
COM classes are not handled appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
James Forshaw (Google Project Zero)
NEW: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues.
[Security-announce] NEW: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues.
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: April 2, 2019