CVE-2019-5526

HIGH EXPLOITED

VMware Workstation 15.0.0-15.0.x - DLL Hijacking Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2019-5526 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Miguel Mendez Z. & Claudio Cortes C.

AI-analyzed exploit summary: This exploit demonstrates a DLL hijacking vulnerability in VMware Workstation by replacing shfolder.dll and hooking the SHGetFolderPathW function to execute arbitrary code. The PoC displays a message box as proof of concept.

Description

VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue because some DLL files are improperly loaded by the application. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows host where Workstation is installed.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Miguel Mendez Z. & Claudio Cortes C. · text · local · windows
https://www.exploit-db.com/exploits/46851

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: VMware Workstation Pro / Player (Workstation) < 15.1.0
No auth needed
Prerequisites: Access to the target system to place the malicious DLL in a directory with higher search order priority
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108333

Scores

CVSS v3 7.8
EPSS 0.0921
EPSS Percentile 94.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-06-22
CWE CWE-427
Status published
Products (1)
vmware/workstation 15.0.0 - 15.1.0
Published May 15, 2019
Tracked Since Feb 18, 2026