silversurfer
VMware pushed out security updates covering five vulnerabilities that if exploited could lead to information disclosure or a denial of service situation.
The important-rated vulnerabilities are CVE-2019-5540, CVE-2019-5541 and CVE-2019-5542 and impact VMware Workstation Pro/Player and VMware Fusion Pro/Fusion.
The two moderate issues covered are CVE-2018-12207 and CVE-2019-11135 and affect VMware ESXi, VMware Workstation and VMware Fusion.
- CVE-2019-5541 covers an out-of-bounds write vulnerability in the e1000e virtual network adapter that could lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition on their own VM.
- CVE-2019-5540 is an information disclosure vulnerability in vmnetdhcp that if abused could allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.
- CVE-2019-5542 refers to a denial-of-service vulnerability in the RPC handler allowing attackers with normal user privileges to create a denial-of-service condition on their own VM.