silversurfer

Level 52
Verified
Trusted
Content Creator
Malware Hunter
VMware this week patched code execution, command injection, information disclosure and denial-of-service (DoS) vulnerabilities in its ESXi, vCenter Server, Workstation, Fusion, VMRC and Horizon Client products.

On Monday, the company announced the availability of patches for a total of four vulnerabilities affecting ESXi and vCenter Server. The most serious of them appear to be CVE-2019-5532 and CVE-2019-5534, high-severity information disclosure issues affecting vCenter Server.
A separate advisory published by VMware on Thursday describes two vulnerabilities. One of them, CVE-2019-5527, is a high-severity issue related to the virtual sound device used by ESXi, Workstation, Fusion, VMRC and Horizon Client. This component is affected by a use-after-free bug that can be exploited by a local attacker with non-admin access to the guest machine to execute arbitrary code on the host.