Lucene search

[email protected]CVE-2019-5512

HistoryApr 09, 2019 - 8:30 p.m.

CVE-2019-5512

2019-04-0920:30:20

[email protected]

web.nvd.nist.gov

cve-2019-5512

vmware

workstation

windows

com classes

hijacking

vmx process

elevation of privilege

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

JSON

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

Affected configurations

NVD

Node

vmwareworkstationRange14.0.0–14.1.6

vmwareworkstationRange15.0.0–15.0.3

AND

microsoftwindowsMatch-

CPENameOperatorVersion
vmware:workstationvmware workstationlt14.1.6
vmware:workstationvmware workstationlt15.0.3

CPE	Name	Operator	Version
vmware:workstation	vmware workstation	lt	14.1.6
vmware:workstation	vmware workstation	lt	15.0.3

CNA Affected

[
  {
    "product": "VMware Workstation",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VMware Workstation 15.x prior to 15.0.3, 14.x before 14.1.6"
      }
    ]
  }
]