#VU14413 Out-of-bounds write in VMware Workstation and VMware Fusion - CVE-2018-6973

Cybersecurity Help s.r.o.

Published: 2018-08-14 | Updated: 2018-08-15

Vulnerability identifier: #VU14413

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-6973

CWE-ID: CWE-787

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
VMware Workstation
Client/Desktop applications / Virtualization software
VMware Fusion
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The vulnerability exists due to out-of-bounds write in the e1000 device. An adjacent attacker can trigger memory corruption and execute arbitrary code withe elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Update Workstation to version 14.1.3.
Update Fusion to version 10.1.3.

Vulnerable software versions

VMware Workstation: 14.0 - 14.1.2

VMware Fusion: 10.0 - 10.1.2

External links
https://www.vmware.com/security/advisories/VMSA-2018-0022.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Arbitrary code execution in VMware Workstation and Fusion