CVE-2019-5539

HIGH

Vmware Horizon View Agent < 7.5.4 - Uncontrolled Search Path

Title source: rule

Description

VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.

References (1)

[Patch, Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2019-0023.html

Scores

CVSS v3 7.8

EPSS 0.0021

EPSS Percentile 42.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

vmware/horizon_view_agent < 7.5.4

vmware/workstation < 15.5.1

Timeline

Published Dec 23, 2019

Tracked Since Feb 18, 2026