CVE-2019-5512
Published 2019-04-09
CVE-2019-5512: VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue…
Priority: P3 · 48 · high · 8.8 (CVSS 3.0)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EXPLOIT
EPSS: 1.23% (65.1th percentile)
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | workstation | >= 14.0.0 < 14.1.6 | 14.1.6 |
| vmware | workstation | >= 15.0.0 < 15.0.3 | 15.0.3 |
CVSS provenance
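| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |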
GHSA
GHSA-2v7x-ww9h-6334: VMware Workstation (15
ghsa_unreviewed·2022-05-13
CVE-2019-5512 [HIGH] GHSA-2v7x-ww9h-6334: VMware Workstation (15
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
VMware
VMware Horizon update addresses Connection Server information disclosure vulnerability
vendor_vmware·2019-03-14·CVSS 5.3
CVE-2019-5511 [MEDIUM] VMware Horizon update addresses Connection Server information disclosure vulnerability
VMSA-2019-0003: VMware Horizon update addresses Connection Server information disclosure vulnerability
VMware Horizon update addresses Connection Server information disclosure vulnerability
2. Relevant Products
VMware Horizon
3. Problem Description
Connection Server Information disclosure vulnerability
The VMware Horizon Connection Server contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.
VMware would like to thank Cory Mathews of Critical Start and HD Moore of Atredis Partners for independently reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5513 to
No detection rules found.
Exploit-DB
MailCarrier 2.51 - 'RCPT TO' Buffer Overflow
exploitdb·2019-04-15
---
#!/usr/bin/python
# Exploit Title: MailCarrier 2.51 'RCPT TO' - Buffer Overflow (Remote)
# Date: 12/04/2019
# Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: https://www.tabslab.com/
# Version: 2.51
# Software Link: N.A
# Contact: services[@]telspace.co.za
# Twitter: @telspacesystems (Greets to the Telspace Crew)
# Tested on: Windows XP Prof SP3 ENG x86
# CVE: TBC from Mitre
# Created for the Telspace Internship 2019 - Vanilla EIP Overwrite
#0x7e4456f7 : jmp esp | {PAGE_EXECUTE_READ} [USER32.dll] ASLR: False, Rebase: False, SafeSEH: True, OS: True, v5.1.2600.5512 (C:\WINDOWS\system32\USER32.dll)
#POC
#1.) Change ip and port in code
#2.) Run script against target, meterpreter bind shell waiting for you on port 443 on the
Exploit-DB
VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
exploitdb·2019-03-25
CVE-2019-5512 VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
---
VMware: Host VMX Process COM Class Hijack EoP
Platform: VMware Workstation Windows v14.1.5 (on Windows 10). Also tested VMware Player 15.
Class: Elevation of Privilege
Summary: COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege.
Description: The VMX process (vmware-vmx.exe) configures and hosts an instance of a VM. As is common with desktop virtualization platforms, the VM host usually has privileged access into the OS, such as mapping physical memory, which represents a security risk. To mitigate this, the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYST
No writeups or analysis indexed.
Published: 2019-04-09