CVE-2015-3650 – VMware Multiple Products Privilege Escalation

CVE: CVE-2015-3650
Vendor: VMware
Product: Multiple Products
Reported by: Kyriakos Economou (@kyREcon)

VMware Workstation, Player and Horizon View Client for Windows do not set a discretionary access control list (DACL) for one of their processes. This may allow a local attacker to elevate their privileges and execute code in the security context of the affected process.

Vulnerable Products
VMware Workstation for Windows 11.x prior to version 11.1.1
VMware Workstation for Windows 10.x prior to version 10.0.7
VMware Player for Windows 7.x prior to version 7.1.1
VMware Player for Windows 6.x prior to version 6.0.7
VMware Horizon Client for Windows (with Local Mode Option) prior to version 5.4.2

VMWare Advisory
Nettitude Exploitation Write-up

All Rights R3v3rs3d