CVE-2016-5330

HIGH

VMware Workstation Player < 12.1.1 - Untrusted Search Path

Title source: rule

Description

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/41711
metasploit WORKING POC NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/vmhgfs_webdav_dll_sideload.rb

Scores

CVSS v3 7.8
EPSS 0.2548
EPSS Percentile 96.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-426
Status draft

Affected Products (5)

vmware/workstation_player < 12.1.1
vmware/workstation_pro < 12.1.1
vmware/esxi < 6.0
vmware/fusion < 8.1.1
vmware/tools < 10.3.22

Timeline

Published Aug 08, 2016
Tracked Since Feb 18, 2026