KLA11457
Multiple vulnerabilities in VMware Workstation and Fusion

Updated: 06/03/2020
Detect date
?
03/28/2019
Severity
?
Critical
Description

Multiple vulnerabilities were found in VMware Workstation and Fusion. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and cause denial of service.

Below is a complete list of vulnerabilities:

  1. Security vulnerability in VMware Fusion can be exploited to bypass security restrictions;
  2. Out-of-bounds write vulnerability in VMware Workstation and Fusion can be exploited to cause denial of service and potentially execute arbitrary code;
  3. Out-of-bounds read/write vulnerability in VMware Workstation and Fusion can be exploited to execute arbitrary code;
  4. Time-of-check Time-of-use (TOCTOU) vulnerability in VMware Workstation and Fusion can be exploited to execute arbitrary code;
  5. Out-of-bounds write vulnerability in VMware Workstation and Fusion can be exploited to execute arbitrary code;
Affected products

VMware Workstation 15.x earlier than 15.0.4
VMware Workstation 14.x earlier than 14.1.7
VMware Fusion 11.x earlier than 11.0.3
VMware Fusion 10.x earlier than 10.1.6

Solution

Update to the latest version
Download Fusion

Original advisories

VMSA-2019-0005

Impacts
?
ACE 
[?]

DoS 
[?]

SB 
[?]
Related products
VMware Workstation
VMware Fusion
CVE-IDS
?
Find out the statistics of the vulnerabilities spreading in your region