VMware Workstation and Horizon View Agent contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. VMware has evaluated the severity of this issue to be in the moderate severity range with a maximum CVSSv3 base score of 6.3.
Known Attack Vectors:
Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.
To remediate CVE-2019-5539, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.
VMware would like to thank Peleg Hadar of SafeBreach Labs for reporting this issue to us.