CVE-2019-5512

HIGH

VMware Workstation 15.x < 15.0.3, 14.x < 14.1.6 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5512. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit demonstrates a COM class hijacking vulnerability in VMware Workstation/Player on Windows, allowing a local attacker to elevate privileges by forcing the VMX process to load a malicious DLL. The PoC involves registry modification and a custom DLL to achieve code execution in an elevated context.

Description

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Google Security Research · text · local · windows
https://www.exploit-db.com/exploits/46601

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: VMware Workstation Windows v14.1.5, VMware Player 15
Auth required
Prerequisites: Local access to the target system · Ability to modify registry keys · Compiled malicious DLL
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Patch, Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2019-0002.html

Scores

CVSS v3 8.8
EPSS 0.0123
EPSS Percentile 64.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

Status published
Products (1)
vmware/workstation 14.0.0 - 14.1.6
Published Apr 09, 2019
Tracked Since Feb 18, 2026