VMware Tools vm3dmp Driver Local Denial of Service Vulnerability



A vulnerability in VMware Tools for Windows could allow a local attacker to access sensitive information or cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an out of bounds read condition that exists in the vm3dmp driver of the affected software. An attacker with non-administrative access to a targeted Windows guest system with VMware Tools installed could exploit this vulnerability to access sensitive kernel information or cause a DoS condition on the system. A successful exploit could be used to conduct further attacks.

VMware has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-5522

Source:: Cisco Multivendor Vulnerability Alerts