CVE-2019-5526
HIGH EXPLOITEDVmware Workstation < 15.1.0 - Uncontrolled Search Path
Title source: ruleDescription
VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a windows host where Workstation is installed.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Miguel Mendez Z. & Claudio Cortes C. · textlocalwindows
https://www.exploit-db.com/exploits/46851
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2019-0007.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108333
Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/152946/VMware-Workstation-DLL-Hijacking.html
Scores
CVSS v3
7.8
EPSS
0.0683
EPSS Percentile
91.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2023-06-22
CWE
CWE-427
Status
published
Products (1)
vmware/workstation
15.0.0 - 15.1.0
Published
May 15, 2019
Tracked Since
Feb 18, 2026