CVE-2016-7461 code execution flaw affects VMware Workstation

VMware has patched a critical out-of-bounds memory access vulnerability, tracked as CVE-2016-7461, affecting its Workstation and Fusion products.

The flaw, that resides in the affects the drag-and-drop function, can be exploited by attackers to execute arbitrary code on the host operating system running Fusion or Workstation.

The security vulnerability affects Workstation Player and Pro 12.x, and Fusion (Pro) 8.x., while the ESXi is not affected.

The flaw war reported hacking contest 2016 PwnFest held in South Korea at the 2016 Power Of Community (POC) security conference. The hackers earned $140,000 for the Windows Edge hacks, while Qihoo hacker team and Lee earned $150,000 for the hack of the VMware Workstation 12.5.1.

VMware patched the vulnerability with the release of versions 12.5.2 and 8.5.2.

“Problem Description

a. VMware Workstation and Fusion out-of-bounds memory access vulnerability

The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.” states the advisory published by VMware.

VMware explained that the flaw cannot be exploited against Workstation Pro or Fusion when both the drag-and-drop and copy-and-paste functions are disabled, while it remains exploitable on Workstation Player.

Recently VMware released several security updates to fix the local privilege escalation flaw in Linux kernel, also known as Dirty COW, tracked as CVE-2016-5195.

“The Linux kernel which ships with the base operating system of VMware Appliances contains a race condition in the way its memory subsystem handles copy-on-write (aka “Dirty COW”). Successful exploitation of the vulnerability may allow for local privilege escalation. The product lines listed in this advisory have been confirmed to be affected.” reads the advisory from VMmware.com.

Security patches for Identity Manager, vRealize Automation and version 5.x of vRealize Operations are still pending.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – CVE-2016-7461, VMware)

[adrotate banner=”9″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.