Privilege elevation vulnerabilities found in VMware Workstation Pro/Player and VMware Horizon.

News by Doug Olenick

Security advisory issued after privilege elevation vulnerabilities found in VMware Workstation Pro/Player and VMware Horizon.

Two vulnerabilities in VMware Workstation Pro/Player (Workstation), CVE-2019-5511 and CVE-2019-5512, are rated important and concern elevation of privilege. The organisation said Workstation does not handle paths and COM paths appropriately. Successful exploitation may allow a non-administrator to hijack the path to the VMX executable on a Windows host, or allow hijacking of COM classes used by the VMX process on a Windows host, in either case leading to elevation of privilege.

Those affected should upgrade to VMware Workstation Pro 14.1.6 or 15.0.3, or to VMware Workstation Player 14.1.6 or 15.0.3.

The VMware Horizon flaw, CVE-2019-5513, is rated moderate and is an information disclosure vulnerability in the VMware Horizon Connection Server. If exploited, this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.

VMware recommends updating to VMware Horizon 7 version 7.8, VMware Horizon 7 version 7.5.2 and VMware Horizon 6 version 6.2.8.

This article was originally published on SC Media US.
