Allele Security Alert
ASA-2019-00317, CVE-2019-5522, VMSA-2019-0009
VMware Tools out of bounds read vulnerability
VMware Tools for Windows 10.x running on Windows
VMware Tools for Windows 10.3.10
Proof of concept
VMware Tools update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines.
A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
ChenNan (Tencent ZhanluLab) and RanchoIce (Tencent ZhanluLab)
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 7, 2019