CVE-2019-5526
published 2019-05-15CVE-2019-5526: VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation…
PriorityP277high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
9.03%
94.6th percentile
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | workstation | >= 15.0.0 < 15.1.0 | 15.1.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for suspicious DLL loads related to SHGetFolderPathW in the context of VMware Workstation processes, which may indicate DLL hijacking exploitation. ↗
- →Alert on privilege escalation from normal user to administrator on Windows hosts where VMware Workstation is installed, potentially triggered by a malicious DLL being loaded. ↗
- ·Exploitation requires the attacker to already have normal user privileges on the Windows host where VMware Workstation is installed. ↗
- ·Only VMware Workstation versions 15.x before 15.1.0 are affected; version 15.1.0 and later are not vulnerable. ↗
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x8jx-65f6-p7vf: VMware Workstation (15
ghsa_unreviewed·2022-05-24
CVE-2019-5526 [HIGH] GHSA-x8jx-65f6-p7vf: VMware Workstation (15
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
VulnCheck
VMware workstation Uncontrolled Search Path Element
vulncheck·2019·CVSS 7.8
CVE-2019-5526 [HIGH] VMware workstation Uncontrolled Search Path Element
VMware workstation Uncontrolled Search Path Element
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
Affected: VMware workstation
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://any.run/cybersecurity-blog/gh0stbins-chinese-rat-malware-analysis/
VMware
VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526)
vendor_vmware·2019-05-14·CVSS 7.8
CVE-2019-5526 [HIGH] VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526)
VMSA-2019-0007: VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526)
| Advisory Severity | Moderate | Synopsis | VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526) | Issue Date | 2019-05-14 | Updated On | 2019-05-14 (Initial Advisory) | CVE(s) | CVE-2019-5526 VMware Workstation Pro / Player (Workstation) 2. IntroductionVMware Workstation update addresses a DLL-hijacking issue:
CVEs: CVE-2019-5526
Affected products: VMware Workstation, Workstation Player, Workstation Pro
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/152946/VMware-Workstation-DLL-Hijacking.htmlhttp://www.securityfocus.com/bid/108333https://www.vmware.com/security/advisories/VMSA-2019-0007.htmlhttp://packetstormsecurity.com/files/152946/VMware-Workstation-DLL-Hijacking.htmlhttp://www.securityfocus.com/bid/108333https://www.vmware.com/security/advisories/VMSA-2019-0007.html
2019-05-15
Published
Exploited in the wild