VMware Privilege Escalation Issue
Monday, July 13, 2015 @ 04:07 PM gHale
VMware has fixed a host privilege escalation vulnerability, issuing updates for its Workstation, Player, and Horizon View Client for Windows products.
Reported by Kyriakos Economou, vulnerability researcher at Nettitude, the bug (CVE-2015-3650) is the result of VMware Workstation, Player and Horizon View Client for Windows not setting a discretionary access control list (DACL) for one of their processes.
“This may allow a local attacker to elevate their privileges and execute code in the security context of the affected process,” VMware said in an advisory.
Affected product versions include VMware Workstation 11.x and 10.x, VMware Player 7.x and 6.x, and VMware Horizon Client for Windows (with Local Mode Option) 5.x.
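To make the missing-DACL condition concrete, here is an added example (not VMware's or Nettitude's code) that audits a process security descriptor, supplied as an SDDL string, for a NULL DACL. It goes slightly beyond the advisory by also flagging allow ACEs that give broad principals code-execution-capable process rights. The function names and the sample SDDL strings are constructed for illustration; the page does not name the affected process or its descriptor.

```python
import re

# Broad principals that any local user falls under (SDDL alias or raw SID).
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone",
         "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "BU": "Builtin Users", "S-1-5-32-545": "Builtin Users",
         "IU": "Interactive", "S-1-5-4": "Interactive"}
# Process access bits that let the holder run code in, or take over, the process.
RISKY_BITS = {0x0002: "PROCESS_CREATE_THREAD", 0x0008: "PROCESS_VM_OPERATION",
              0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
              0x00040000: "WRITE_DAC", 0x00080000: "WRITE_OWNER",
              0x10000000: "GENERIC_ALL", 0x40000000: "GENERIC_WRITE"}
# Two-letter SDDL rights codes that map onto the bits above.
RISKY_ALIASES = {"GA": 0x10000000, "GW": 0x40000000,
                 "WD": 0x00040000, "WO": 0x00080000}

def rights_mask(rights):
    """Turn an SDDL rights field (hex or two-letter codes) into a bit mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RISKY_ALIASES.get(rights[i:i + 2], 0)
    return mask

def audit_process_dacl(sddl):
    """Return a list of findings for the DACL part of an SDDL string."""
    m = re.search(r"D:([A-Z_]*)((?:\([^)]*\))*)", sddl)
    if m is None:
        return ["no DACL section in descriptor string"]
    flags, aces = m.group(1), re.findall(r"\(([^)]*)\)", m.group(2))
    if flags.startswith("NO_ACCESS_CONTROL"):
        return ["NULL DACL: every caller is granted full access"]
    findings = []
    for ace in aces:
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":  # only plain allow ACEs
            continue
        who, mask = fields[5], rights_mask(fields[2])
        names = [n for bit, n in RISKY_BITS.items() if mask & bit]
        if who in BROAD and names:
            findings.append(f"{BROAD[who]} allowed {'+'.join(names)}")
    return findings

if __name__ == "__main__":
    # Constructed samples: NULL DACL, a restrictive DACL, an over-permissive DACL.
    for s in ("O:BAG:SYD:NO_ACCESS_CONTROL",
              "O:BAG:SYD:(A;;0x1fffff;;;SY)(A;;0x1400;;;IU)",
              "O:BAG:SYD:(A;;0x1fffff;;;WD)"):
        print(s, "->", audit_process_dacl(s) or "ok")
```

The parser is deliberately simplified: it ignores deny, object and conditional ACEs, so an empty result means no finding from this check rather than a full access review.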