VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the vmware-vmx process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Workstation_player | Vmware | 12.0.0 (including) | 12.0.0 (including) |
| Workstation_player | Vmware | 12.0.1 (including) | 12.0.1 (including) |
| Workstation_player | Vmware | 12.1.0 (including) | 12.1.0 (including) |
| Workstation_player | Vmware | 12.5.0 (including) | 12.5.0 (including) |
| Workstation_player | Vmware | 12.5.1 (including) | 12.5.1 (including) |
| Workstation_player | Vmware | 12.5.2 (including) | 12.5.2 (including) |
| Workstation_pro | Vmware | 12.0.0 (including) | 12.0.0 (including) |
| Workstation_pro | Vmware | 12.0.1 (including) | 12.0.1 (including) |
| Workstation_pro | Vmware | 12.1.0 (including) | 12.1.0 (including) |
| Workstation_pro | Vmware | 12.5.0 (including) | 12.5.0 (including) |
| Workstation_pro | Vmware | 12.5.1 (including) | 12.5.1 (including) |
| Workstation_pro | Vmware | 12.5.2 (including) | 12.5.2 (including) |