Monday, November 14, 2016

VMware Workstation/Fusion hacked at PwnFest

Last week (November 10th to 11th) we had PwnFest, a hacking competition that took place in South Korea at the 2016 Power of Community (POC) security conference.
This year VMware was one of the many targets with VMware Workstation and VMware Fusion.

It turns out that a vulnerability has been found and exploited.
The drag and drop (DnD) functionality in those products had an out-of-bounds memory access (buffer overflow) vulnerability that allows a guest to execute code on the operating system that runs Workstation or Fusion.

Let me be crystal clear here: this vulnerability is present ONLY in VMware Workstation and Fusion. It is not related to ESXi or other products.

With that said, VMware worked diligently during the past few days, and on November 13th we released the fix.

Although it's not possible to exploit it remotely (an attacker would need to have access to your computer in order to run it), I encourage all of you to install this fix.
The protected versions are:
If for any reason you cannot install it, there’s a workaround to prevent the vulnerability from being exploited. Disable DnD!!!

- On the VM Settings
- Click on Isolation
- Uncheck Enable Drag and Drop and Enable Copy and Paste
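To confirm the workaround on many VMs at once, the following added example (not VMware's or this blog's code) audits `.vmx` files for the isolation settings. It assumes the two checkboxes are stored as the `isolation.tools.*.disable` keys, that a missing key means sharing is still enabled, and that the last assignment of a key wins; the sample VMX text is constructed.

```python
import re
from pathlib import Path

# .vmx keys assumed to back the two Isolation checkboxes (not named in the post).
REQUIRED = (
    "isolation.tools.dnd.disable",
    "isolation.tools.copy.disable",
    "isolation.tools.paste.disable",
)

_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; the last assignment of a key wins (assumption)."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def unmitigated_keys(text):
    """Keys that are missing or not TRUE; a missing key counts as sharing still enabled."""
    s = parse_vmx(text)
    return [k for k in REQUIRED if s.get(k, "").strip().upper() != "TRUE"]

def audit_tree(root):
    """Map each .vmx path under root to its unmitigated keys (non-compliant VMs only)."""
    report = {}
    for vmx in Path(root).rglob("*.vmx"):
        missing = unmitigated_keys(vmx.read_text(errors="replace"))
        if missing:
            report[str(vmx)] = missing
    return report

# Constructed sample: DnD disabled, copy key missing, paste explicitly left enabled.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "test-guest"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
'''

if __name__ == "__main__":
    print(unmitigated_keys(SAMPLE_VMX))
```

Run `audit_tree()` against the folder that holds your virtual machines; any VM it lists still has at least one of the sharing features enabled.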

See you next!!!


tanveer hashmi said...

Thanks for the always useful information. This is great information to help garage type SEO people like me.
VMware Workstation Player 12.5.2 Crack

Eduardo Meirelles da Rocha said...

you are welcome Tanveer.


Who am I

I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Senior Consultant, helping customers to embrace the Cloud Era and make them successful on this journey. Despite the fact I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions.
