Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-5512 — Vmware Workstation vulnerability

6 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 46.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vmware Workstation Vmware Workstation

Timeline

PublishedApr 9

Latest updateMay 13

Description

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶NVDvmware/workstation14.0.0 — 14.1.6+1

▶CVEListV5vmware/vmware_workstationVMware Workstation 15.x prior to 15.0.3, 14.x before 14.1.6

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-2v7x-ww9h-6334: VMware Workstation (15↗2022-05-13

▶

CVEList

CVE-2019-5512: VMware Workstation (15↗2019-04-09

▶

💥Exploits & PoCs

Exploit-DB

MailCarrier 2.51 - 'RCPT TO' Buffer Overflow↗2019-04-15

▶

Exploit-DB

VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation↗2019-03-25

▶

📋Vendor Advisories

VMware

VMware Horizon update addresses Connection Server information disclosure vulnerability↗2019-03-14

▶