Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-5526Uncontrolled Search Path Element in Vmware Workstation

CWE-427Uncontrolled Search Path Element6 documents6 sources
Severity
7.8HIGHNVD
EPSS
6.8%
top 8.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Vmware WorkstationVmware Workstation
Timeline
PublishedMay 15
Latest updateMay 24

Description

VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDvmware/workstation15.0.015.1.0
CVEListV5vmware/vmware_workstationVMware Workstation (15.x before 15.1.0)

🔴Vulnerability Details

3
GHSA
GHSA-x8jx-65f6-p7vf: VMware Workstation (152022-05-24
CVEList
CVE-2019-5526: VMware Workstation (152019-05-15
VulnCheck
VMware workstation Uncontrolled Search Path Element2019

💥Exploits & PoCs

1
Exploit-DB
VMware Workstation 15.1.0 - DLL Hijacking2019-05-16

📋Vendor Advisories

1
VMware
VMware Workstation update addresses a DLL-hijacking issue (CVE-2019-5526)2019-05-14
CVE-2019-5526 — Uncontrolled Search Path Element | cvebase