Security bypass in VMware Tools - CVE-2016-5328
Published: October 31, 2016
Vulnerability identifier: #VU1104
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2016-5328
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Tools
VMware Tools
Detailed vulnerability description
The vulnerability allows a local user to bypass security restrictions on the target system.
The weakness is due to access control flaw. By obtaining kernel memory address information, a local attacker can bypass address space layout randomization (ASLR) security protections.
Successful exploitation of the vulnerability results in access to the vulnerable system.
The weakness is due to access control flaw. By obtaining kernel memory address information, a local attacker can bypass address space layout randomization (ASLR) security protections.
Successful exploitation of the vulnerability results in access to the vulnerable system.
How to mitigate CVE-2016-5328
Update to version 10.0.1.