Allele Security Alert
ASA-2019-00138
Identifier(s)
ASA-2019-00138, CVE-2019-5512, VMSA-2019-0002
Title
COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege
Vendor(s)
VMware
Product(s)
VMware Workstation Pro
VMware Workstation Player
Affected version(s)
VMware Workstation Pro 15.x for Windows
VMware Workstation Pro 14.x for Windows
VMware Workstation Player 15.x for Windows
VMware Workstation Player 14.x for Windows
Fixed version(s)
VMware Workstation Pro 15.0.3
VMware Workstation Pro 14.1.6
VMware Workstation Player 15.0.3
VMware Workstation Player 14.1.6
Proof of concept
Unknown
Description
VMware Workstation does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process on a Windows host, leading to elevation of privilege.
Technical details
Unknown
Credits
James Forshaw (Google Project Zero)
Reference(s)
VMSA-2019-0002
https://www.vmware.com/security/advisories/VMSA-2019-0002.html
NEW: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues.
https://seclists.org/bugtraq/2019/Mar/20
[Security-announce] NEW: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues.
https://lists.vmware.com/pipermail/security-announce/2019/000451.html
CVE-2019-5512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5512
CVE-2019-5512
https://nvd.nist.gov/vuln/detail/CVE-2019-5512
Last modified: April 2, 2019