Allele Security Alert
ASA-2019-00274
Identifier(s)
ASA-2019-00274, CVE-2019-5526, VMSA-2019-0007
Title
DLL hijacking vulnerability
Vendor(s)
VMware
Product(s)
VMware Workstation Pro / Player (Workstation)
Affected version(s)
VMware Workstation Pro / Player (Workstation) versions 15.x
Fixed version(s)
VMware Workstation Pro / Player (Workstation) version 15.1.0
Proof of concept
Unknown
Description
VMware Workstation contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
Technical details
Unknown
Credits
Boris Ryutin (ElevenPaths), Miguel Méndez Zúñiga (ElevenPaths) and Claudio Cortés Cid (ElevenPaths)
Reference(s)
[Security-announce] VMSA-2019-0007 VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526)
https://lists.vmware.com/pipermail/security-announce/2019/000457.html
VMSA-2019-0007
https://www.vmware.com/security/advisories/VMSA-2019-0007.html
CVE-2019-5526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5526
CVE-2019-5526
https://nvd.nist.gov/vuln/detail/CVE-2019-5526
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 16, 2019