Allele Security Alert
ASA-2019-00274, CVE-2019-5526, VMSA-2019-0007
DLL hijacking vulnerability
VMware Workstation Pro / Player (Workstation)
VMware Workstation Pro / Player (Workstation) versions 15.x
VMware Workstation Pro / Player (Workstation) version 15.1.0
Proof of concept
VMware Workstation contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
Boris Ryutin (ElevenPaths), Miguel Méndez Zúñiga (ElevenPaths) and Claudio Cortés Cid (ElevenPaths)
[Security-announce] VMSA-2019-0007 VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526)
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 16, 2019