CVE-2019-5539

VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
vmwarehorizon_view_agent
7.5.0 ≤
𝑥
< 7.5.4
vmwarehorizon_view_agent
7.10.0 ≤
𝑥
< 7.10.1
vmwareworkstation
15.0.0 ≤
𝑥
< 15.5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vmware.com/security/advisories/VMSA-2019-0023.html
https://www.vmware.com/security/advisories/VMSA-2019-0023.html