Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5330

CWE-426 | 4 documents | 4 sources
Severity: 7.8 HIGH
EPSS: 25.5% (top 3.78%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Aug 8; latest update May 13

Description

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (5 packages)

NVD  vmware/workstation_player  12.1.0  12.1.1
NVD  vmware/workstation_pro     12.1.0  12.1.1
NVD  vmware/fusion              8.1     8.1.1
NVD  vmware/esxi                5.0     6.0
NVD  vmware/tools               9.0.0   10.3.22

🔴 Vulnerability Details (2)

GHSA
GHSA-r9pr-hcq4-m3jp: Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10 (2022-05-13)
CVEList
CVE-2016-5330: Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10 (2016-08-08)

💥 Exploits & PoCs (1)

Exploit-DB
VMware Host Guest Client Redirector - DLL Side Loading (Metasploit) (2016-08-06)
CVE-2016-5330 (HIGH CVSS 7.8) | Untrusted search path vulnerability | cvebase.io