ID CVE-2019-5512
Summary VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:workstation:14.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:15.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:15.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:15.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:15.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:15.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
misc https://www.vmware.com/security/advisories/VMSA-2019-0002.html
Last major update 24-08-2020 - 17:37
Published 09-04-2019 - 20:30
Last modified 24-08-2020 - 17:37
Back to Top