Vulnerability Details CVE-2016-5330
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.159
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.4
References
- http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload
- http://www.securityfocus.com/archive/1/539131/100/0/threaded
- http://www.securityfocus.com/bid/92323
- http://www.securitytracker.com/id/1036544
- http://www.securitytracker.com/id/1036545
- http://www.securitytracker.com/id/1036619
- http://www.vmware.com/security/advisories/VMSA-2016-0010.html
- https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_vmware_host_guest_client_redirector.html
- http://www.rapid7.com/db/modules/exploit/windows/misc/vmhgfs_webdav_dll_sideload
- http://www.securityfocus.com/archive/1/539131/100/0/threaded
- http://www.securityfocus.com/bid/92323
- http://www.securitytracker.com/id/1036544
- http://www.securitytracker.com/id/1036545
- http://www.securitytracker.com/id/1036619
- http://www.vmware.com/security/advisories/VMSA-2016-0010.html
- https://securify.nl/advisory/SFY20151201/dll_side_loading_vulnerability_in_vmware_host_guest_client_redirector.html
Products affected by CVE-2016-5330
-
cpe:2.3:a:vmware:fusion:8.1
-
cpe:2.3:a:vmware:fusion:8.1.0
-
cpe:2.3:a:vmware:tools:10.0.0
-
cpe:2.3:a:vmware:tools:10.0.12
-
cpe:2.3:a:vmware:tools:10.0.5
-
cpe:2.3:a:vmware:tools:10.0.6
-
cpe:2.3:a:vmware:tools:10.0.8
-
cpe:2.3:a:vmware:tools:10.0.9
-
cpe:2.3:a:vmware:tools:10.1
-
cpe:2.3:a:vmware:tools:10.1.0
-
cpe:2.3:a:vmware:tools:10.1.10
-
cpe:2.3:a:vmware:tools:10.1.15
-
cpe:2.3:a:vmware:tools:10.1.5
-
cpe:2.3:a:vmware:tools:10.1.7
-
cpe:2.3:a:vmware:tools:10.2
-
cpe:2.3:a:vmware:tools:10.2.1
-
cpe:2.3:a:vmware:tools:10.2.5
-
cpe:2.3:a:vmware:tools:10.3.0
-
cpe:2.3:a:vmware:tools:10.3.10
-
cpe:2.3:a:vmware:tools:10.3.2
-
cpe:2.3:a:vmware:tools:10.3.20
-
cpe:2.3:a:vmware:tools:10.3.21
-
cpe:2.3:a:vmware:tools:10.3.22
-
cpe:2.3:a:vmware:tools:10.3.5
-
cpe:2.3:a:vmware:tools:9.0.0
-
cpe:2.3:a:vmware:tools:9.0.1
-
cpe:2.3:a:vmware:tools:9.0.10
-
cpe:2.3:a:vmware:tools:9.0.11
-
cpe:2.3:a:vmware:tools:9.0.12
-
cpe:2.3:a:vmware:tools:9.0.13
-
cpe:2.3:a:vmware:tools:9.0.15
-
cpe:2.3:a:vmware:tools:9.0.16
-
cpe:2.3:a:vmware:tools:9.0.17
-
cpe:2.3:a:vmware:tools:9.0.5
-
cpe:2.3:a:vmware:tools:9.10.0
-
cpe:2.3:a:vmware:tools:9.10.1
-
cpe:2.3:a:vmware:tools:9.10.5
-
cpe:2.3:a:vmware:tools:9.4.0
-
cpe:2.3:a:vmware:tools:9.4.10
-
cpe:2.3:a:vmware:tools:9.4.11
-
cpe:2.3:a:vmware:tools:9.4.12
-
cpe:2.3:a:vmware:tools:9.4.15
-
cpe:2.3:a:vmware:tools:9.4.5
-
cpe:2.3:a:vmware:workstation_player:12.1.0
-
cpe:2.3:a:vmware:workstation_pro:12.1.0
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:vmware:esxi:5.0
-
cpe:2.3:o:vmware:esxi:5.1
-
cpe:2.3:o:vmware:esxi:5.5
-
cpe:2.3:o:vmware:esxi:5.5.0
-
cpe:2.3:o:vmware:esxi:6.0