VMware Workstation Authorization Service Denial-of-Service Vulnerability

ID ZDI-15-031
Type zdi
Reporter Dmitry Yudin @ret5et
Modified 2015-06-22T00:00:00


This vulnerability allows remote attackers to cause a denial-of-service on vulnerable installations of VMWare Workstation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VMWare Authorization service, which is listening on port 912. By sending a malformed packet, an attacker is able to cause the service to shut itself down. The service will not automatically restart, and once disabled virtual machines will not be able to get access to new resources.