Vulnerability title: Invalid Pointer Dereference in VMware Workstation
Product: Workstation, Player
Affected version: VMware WorkStation v10.0.1 build-1379776 and VMware
Player v6.0.1 build-1379776
Fixed version: N/A
Reported by: Kyriakos Economou
The vmx86.sys (32 & 64-bit) kernel mode driver shared by various VMware Windows products such as VMware Workstation and VMWare Player, allows a local attacker to kill the host system through a Blue Screen of Death by sending a specific IOCTL code with a 3 bytes, or larger, input buffer.
The Blue Screen is triggered because the vulnerable function doesn’t check if a pointer to a memory page is valid or not, thus causing a memory access violation by trying to read from an unallocated memory page.