Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1720
VMware Workstation update addresses a DLL-hijacking issue
15 May 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: VMware Workstation
Publisher: VMWare
Operating System: Windows
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-5526
Original Bulletin:
https://www.vmware.com/security/advisories/VMSA-2019-0007.html
- --------------------------BEGIN INCLUDED TEXT--------------------
+-----------------------------------------------------------------------------+
|Advisory ID |VMSA-2019-0007 |
|--------------+--------------------------------------------------------------|
|Advisory |Moderate |
|Severity | |
|--------------+--------------------------------------------------------------|
|CVSSv3 Range |6.0 |
|--------------+--------------------------------------------------------------|
|Synopsis |VMware Workstation update addresses a DLL-hijacking issue |
| |(CVE-2019-5526) |
|--------------+--------------------------------------------------------------|
|Issue Date |2019-05-14 |
|--------------+--------------------------------------------------------------|
|Updated On |2019-05-14 (Initial Advisory) |
|--------------+--------------------------------------------------------------|
|CVE(s) |CVE-2019-5526 |
+-----------------------------------------------------------------------------+
1. Impacted Products
* VMware Workstation Pro / Player (Workstation)
2. Introduction
VMware Workstation update addresses a DLL-hijacking issue:
* CVE-2019-5526: VMware Workstation DLL hijacking vulnerability
3. VMware Workstation DLL hijacking vulnerability - CVE-2019-5526
Description:
VMware Workstation contains a DLL hijacking issue because some DLL files are
improperly loaded by the application. VMware's Security Engineering and
Response (vSECR) organization has evaluated the severity of this issue to be in
the Moderate severity range with a maximum CVSSv3 base score of 6.0.
Known Attack Vectors:
Successful exploitation of this issue may allow attackers with normal user
privileges to escalate their privileges to administrator on a windows
host where Workstation is installed.
Resolution:
Update to Workstation 15.1.0 in order to resolve this issue.
Workarounds:
There are no workarounds for this issue.
Additional Documentations:
None.
Acknowledgements:
VMware would like to thank Boris Ryutin along with Miguel Mendez Zuniga and
Claudio Cortes Cid of ElevenPaths labs in Chile and
Spain for independently reporting this issue to us.
Response Matrix:
+----------------------------------------------------------------------------------------+
|Product |Version|Running|CVE |CVSSV3|Severity|Fixed |Workarounds|Additional|
| | |On |Identifier | | |Version| |Documents |
|-----------+-------+-------+-------------+------+--------+-------+-----------+----------|
|Workstation|15.x |Windows|CVE-2019-5526|6.0 |Moderate|15.1.0 |None |None |
+----------------------------------------------------------------------------------------+
4. References
Please review the patch/release notes for your product and version and verify
the checksum of your downloaded file.
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5526
Fixed Version(s) and Release Notes:
VMware Workstation Pro 15.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 15.1.0
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
5. Change log
VMSA-2019-0007 - Initial security advisory in conjunction with the release of
Workstation 15.1.0 on 2019-05-14.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org
E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXNuKZWaOgq3Tt24GAQh8jQ/9HF4rAMyuhYQEBEYE6BT4UYQVTpj48anM
JWmJ+FtRRW0SAbHxt77OKUF8MM7t3N8KsOPrUC3yLB/FAvFCO7Eb+1pOfV3hMysL
W/3oUWB2B2H34aJ2gEnFyOj8XrGqS5xOeydWHo7YAVC5Sfz4b5JuuGAIRneDLts0
WofZpldCR8U+XxF29XypNl22NxO+xHJQmlEqdOYF3D+T/Fs33GojblkgAa3o/haH
VV4YKOzOIsZaqYNJ4+hsvVftgKS2F43GkZBxdexPm+60XqW7zgLKaJBZzhlQsrZf
1UJapNtxgcyytCaSaJ/T4+BaO5N1XssHgJfm/kFn3qtfwCCABesOza9FwsRrbN4u
Q7WCS7BXXCzeNWCE6sewWvxesnpIIDfpdLhBsJIZLLgAFChwBRlx/9fSn/YHjYsO
Q8zeiI0JYPe3gLbXX/5nv1cl8PZyYugAKcZjh5P1lKkhx+cFFN4b+frlkSFnA+a+
NnrQU9KhhNpckE5LlBBY5ebLlHfrw65RgGcKCphyiwk5hhliKntWGxvCI0c+p7Je
vNTDIF5qh5quckXIqV37c2bRwQWMYg281cjVTZ1KwYNN1GcrmOAuMXw4lc2uTIJI
7mGs1G/+aC6AKmD9JLVqwRU0QpNnBCJ7pE1GALJxLYXm2w1ZBBTaAdfnRgR5smFE
8IkCo1ymVqI=
=MCWR
-----END PGP SIGNATURE-----