Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5522

VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

Published

2019-06-06T19:29:00.830

Last Modified

2024-11-21T04:45:06.360

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	tools	< 10.3.10	Yes
Operating System	microsoft	windows	-	No

References

http://www.securityfocus.com/bid/108673 Third Party Advisory, VDB Entry ([email protected])
https://www.vmware.com/security/advisories/VMSA-2019-0009.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/108673 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2019-0009.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)