SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   VMware Vendors:   VMware
VMware Workstation/Player Flaws Let Local Guest System Users Gain Elevated Privileges on the Host System
SecurityTracker Alert ID:  1036805
SecurityTracker URL:  http://securitytracker.com/id/1036805
CVE Reference:   CVE-2016-7081, CVE-2016-7082, CVE-2016-7083, CVE-2016-7084, CVE-2016-7085, CVE-2016-7086   (Links to External Site)
Updated:  Aug 2 2018
Original Entry Date:  Sep 14 2016
Impact:   Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in VMware Workstation and VMware Player. A local user on the guest system can gain elevated privileges on the host system. A local user on the host system can obtain elevated privileges on the host system.

A local user on a Windows guest system can trigger a heap overflow in Cortado ThinPrint to execute arbitrary code on the Windows host system running VMware Workstation [CVE-2016-7081]. Systems with virtual printing enabled are affected.

A local user on a Windows guest system can trigger a memory corruption error in Cortado ThinPrint ('tpview.dll') in the processing of EMF files [CVE-2016-7082], TrueType fonts embedded in EMFSPOOL [CVE-2016-7083], and JPEG2000 images [CVE-2016-7084] to execute arbitrary code on the Windows host system running VMware Workstation. Systems with virtual printing enabled are affected.

A local user on the host system can exploit a DLL hijacking flaw to execute arbitrary code on the host system [CVE-2016-7085].

E0DB6391795D7F629B5077842E649393 (via Trend Micro's Zero Day Initiative), Mateusz Jurczyk of Google's Project Zero, Stefan Kantha, Anand Bhat, and Himanshu Mehta reported these vulnerabilities.

Impact:   A local user on the guest system can gain elevated privileges on the host system.

A local user on the host system can obtain elevated privileges on the host system.

Solution:   The vendor has issued a fix (Workstation Pro 12.5.0, Player 12.5.0).

[Editor's note: Stefan Kanthak reported that VMware Player version 12.5.9 remains vulnerable to CVE-2016-7085].

The vendor advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2016-0014.html

Vendor URL:  www.vmware.com/security/advisories/VMSA-2016-0014.html (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC