CVE-2019-5522
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
La actualización de VMware Tools para Windows corrige una vulnerabilidad de lectura fuera de límites en el controlador vm3dmp, que se instala con vmtools en máquinas invitadas de Windows. Este problema está presente en las versiones 10.2. x y 10.3. x antes de 10.3.10. Es posible que un atacante local con acceso no administrativo a un invitado de Windows con VMware Tools instalado pueda filtrar la información del kernel o crear un ataque de denegación de servicio en la misma máquina de invitados de Windows.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-07 CVE Reserved
- 2019-06-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/108673 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2019-0009.html | 2019-06-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Tools Search vendor "Vmware" for product "Tools" | >= 10.0.0 < 10.3.10 Search vendor "Vmware" for product "Tools" and version " >= 10.0.0 < 10.3.10" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|