SB2019111327 - Multiple vulnerabilities in VMware Workstation, Fusion and Horizon

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2019-5540)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to information disclosure issue in vmnetdhcp. A remote authenticated attacker can leak memory from the host process and gain unauthorized access to sensitive information on the system.

2) Out-of-bounds write (CVE-ID: CVE-2019-5541)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input via the e1000e virtual network adapter. A remote administrator can trigger out-of-bounds write and execute arbitrary code on the target system, or create a denial-of-service (DoS) condition on their own VM.

3) Input validation error (CVE-ID: CVE-2019-5542)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the RPC handler. A remote authenticated attacker can cause a denial-of-service condition on their own VM.

4) Insecure DLL loading (CVE-ID: CVE-2019-5539)

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to insecure loading of a DLL by Cortado Thinprint. A local user can escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.

Remediation

Install update from vendor's website.

References

• http://www.vmware.com/security/advisories/VMSA-2019-0021.html
• http://www.vmware.com/security/advisories/VMSA-2019-0023.html