Lucene search

K
zdtUnamer1337DAY-ID-33584
HistoryNov 25, 2019 - 12:00 a.m.

VMware WorkStation 12.5.3 - Virtual Machine Escape Exploit

2019-11-2500:00:00
unamer
0day.today
255
vmware
virtual machine
exploit
win10 x64
vs2013
heap manipulation
reboot issue
cleanvm script

EPSS

0.004

Percentile

74.0%

# VMware Escape Exploit

VMware Escape Exploit before VMware WorkStation 12.5.3

Host Target: Win10 x64

Compiler: VS2013 

Test on VMware 12.5.2 build-4638234

# Known issues

* Failing to heap manipulation causes host process crash. (About 50% successful rate )
* Not quite elaborate because I'm not good at doing heap "fengshui" on winows LFH.

# FAQ

* Q: Error in reboot vmware after crashing process.
* A: Just remove ***.lck** folder in your vm directory or wait a while and have a coffee :).Here is a simple [script](https://raw.githubusercontent.com/unamer/vmware_escape/master/cve-2017-4901/cleanvm.bat) I used to clean up.


![](https://github.com/unamer/vmware_escape/raw/master/CVE-2017-4905_and_uaf/exploit.gif)

# Reference

* https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/

EDB Note: Download ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47715.zip