Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
| Link | Tags |
|---|---|
| http://www.securitytracker.com/id/1036544 | vdb entry third party advisory |
| http://www.securitytracker.com/id/1036619 | vdb entry third party advisory |
| http://www.securityfocus.com/bid/92323 | vdb entry third party advisory |
| http://www.vmware.com/security/advisories/VMSA-2016-0010.html | mitigation vendor advisory |
| http://www.securityfocus.com/archive/1/539131/100/0/threaded | mailing list vdb entry third party advisory |
| http://www.securitytracker.com/id/1036545 | vdb entry third party advisory |
| https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_vmware_host_guest_client_redirector.html | third party advisory exploit |
| http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload | third party advisory |