CVE-2015-3650 – VMware Multiple Products Privilege Escalation

CVE: CVE-2015-3650
Vendor: VMware
Product: Multiple Products
Reported by: Kyriakos Economou

Details:

VMware Workstation, Player and Horizon View Client for Windows do not set a discretionary access control list (DACL) for one of their processes. This may allow a local attacker to elevate their privileges and execute code in the security context of the affected process.

Vulnerable Products:

VMware Workstation for Windows 11.x prior to version 11.1.1
VMware Workstation for Windows 10.x prior to version 10.0.7
VMware Player for Windows 7.x prior to version 7.1.1
VMware Player for Windows 6.x prior to version 6.0.7
VMware Horizon Client for Windows (with Local Mode Option) prior to version 5.4.2

VMware Advisory: https://www.vmware.com/security/advisories/VMSA-2015-0005#sthash.9ax0A2Rm.dpuf

Full Article & PoC Video: https://www.nettitude.co.uk/vmware-multiple-products-privilege-escalation/

 

Share