virtualization.info: VMware Workstation gdk-pixbuf path searching vulnerability

VMware Workstation gdk-pixbuf path searching vulnerability

Wednesday, February 16, 2005 | 0 Comments |

A new vulnerability seems to afflict the most known VMware product, providing privileges escalation: Tavis Ormandy has discovered a vulnerability in VMware Workstation, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to VMware Workstation searching for gdk-pixbuf modules in a world-writable directory. This can be exploited via a malicious module to execute arbitrary code with the privileges of the user running VMware Workstation. Successful exploitation requires that gdk-pixbuf is not installed on the system. The vulnerability has been confirmed in version 4.5.2 (build 8848). Other versions may also be affected.

Comments

Post a new comment