VMware ESXi, Workstation, Fusion Affected by Critical Out-of-Bounds Read - Labarai Ingantattu


VMware released updates for its ESXi, Workstation, and Fusion software to address a critical heap-based buffer overflow in the virtual SVGA device, a privilege escalation vulnerability that would allow a guest to execute code on the host machine.

"The specific flaw exists within the handling of virtualized SVGA. The issue results from the lack of proper validation of user-supplied data, which can result in an overflow of a heap-based buffer," says the anonymous ZDI-18-1242 advisory. "An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the host OS."

The security issue can be exploited by attackers to compromise machines running the following vulnerable versions of VMware's vSphere ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (Pro / Player) (14.x before 14.1...
