CVE-2019-5539

CWE-427 CWE-4264 documents4 sources

Severity

7.8HIGH

EPSS

0.2%

top 56.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Horizon View Agent Vmware Workstation Vmware Vmware Workstation

Timeline

PublishedDec 23

Latest updateMay 24

Description

VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDvmware/horizon_view_agent7.5.0 — 7.5.4+1

▶CVEListV5vmware/horizon_view_agent7.10.x prior to 7.10.1, 7.5.x prior 7.5.4+1

▶NVDvmware/workstation15.0.0 — 15.5.1

▶CVEListV5vmware/vmware_workstation15.x prior to 15.5.1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-r6qv-pq43-h5wg: VMware Workstation (15↗2022-05-24

▶

CVEList

CVE-2019-5539: VMware Workstation (15↗2019-12-23

▶

📋Vendor Advisories

VMware

VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue (CVE-2019-5539)↗2019-12-20

▶