Arbitrary code execution in VMware Workstation and Fusion



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-6973
CWE-ID CWE-787
Exploitation vector Local network
Public exploit N/A
Vulnerable software
 VMware Workstation
Client/Desktop applications / Virtualization software

VMware Fusion
Client/Desktop applications / Virtualization software

Vendor VMware, Inc

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Out-of-bounds write

EUVDB-ID: #VU14413

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-6973

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The vulnerability exists due to out-of-bounds write in the e1000 device. An adjacent attacker can trigger memory corruption and execute arbitrary code withe elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update Workstation to version 14.1.3.
Update Fusion to version 10.1.3.

Vulnerable software versions

VMware Workstation: 14.0 - 14.1.2

VMware Fusion: 10.0 - 10.1.2

CPE2.3 External links

https://www.vmware.com/security/advisories/VMSA-2018-0022.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###