VMware Workstation ghi update Null Pointer Dereference Denial of Service Vulnerability

ID ZDI-18-533
Type zdi
Reporter Hahna Latonick and Kevin Fujimoto
Modified 2018-06-22T00:00:00


This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability. The specific flaw exists within the ghi.guest.trayIcon.update RPC function. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the guest OS.