漏洞信息详情

VMware Workstation 权限许可和访问控制问题漏洞

漏洞简介

VMware Workstation是美国威睿(VMware)公司的一套虚拟机软件。该软件提供可以同时运行多个不同的操作系统的虚拟机功能。

VMware Workstation 15.1.0之前的15.x版本中存在DLL劫持漏洞,该漏洞源于程序没有正确地加载DLL文件。攻击者可利用该漏洞将权限提升至管理员。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://www.vmware.com/security/advisories/VMSA-2019-0007.html

参考网址

来源:www.securityfocus.com

链接:http://www.securityfocus.com/bid/108333

来源:www.vmware.com

链接:http://www.vmware.com

来源:blogs.technet.com

链接:http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

来源:blog.metasploit.com

链接:http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

来源:blog.rapid7.com

链接:http://blog.rapid7.com/?p=5325

来源:MISC

链接:http://packetstormsecurity.com/files/152946/VMware-Workstation-DLL-Hijacking.html

来源:www.vmware.com

链接:https://www.vmware.com/security/advisories/VMSA-2019-0007.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/80962

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/VMware-Workstation-executing-DLL-code-29307

来源:www.securityfocus.com

链接:https://www.securityfocus.com/bid/108333

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/152946/VMware-Workstation-DLL-Hijacking.html

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-5526

来源:www.exploit-db.com

链接:https://www.exploit-db.com/exploits/46851

受影响实体

    暂无


漏洞信息快速查询

相关漏洞

更多