Two security vulnerabilities have been found in VMware tools that could allow hackers to execute code on users' systems. VMware published an advisory on August 5 regarding these two issues.
VMware released an advisory on Thursday, August 5, about two security vulnerabilities in VMware tools that affected many of the company’s products. The issues had been identified and handled earlier, allowing users time to install the patches provided.
The first security vulnerability, CVE-2016-5330, relates to DLL hijacking in the Windows version of VMware Tools, where hackers could execute arbitrary code on the host machine. The issue was highlighted by Yorick Koster, a researcher and co-founder of the Dutch security firm Securify.
The problem, according to Koster, lies with the VMware Host Guest Client Redirector, which is used for the Shared Folders feature. When a document is opened using a Uniform Naming Convention (UNC) path, the Client Redirector would inject a DLL file called “vmhgfs.dll” into the application used to open the file. The DLL would be loaded from a relative path, and Windows would search for it using the dynamic-link library search order.
This would enable an attacker to place a malicious DLL file in a location that is searched before the one holding the legitimate file, so that the malicious copy is loaded first. This could even lead to the system being compromised.
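The search-order behaviour described above can be checked with a small audit routine. The following is an added example, not code from VMware or Securify: it models an ordered DLL search with constructed temporary directories and empty stand-in files, and the directory names and the two-entry search order are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

def resolve_dll(name, search_dirs):
    """Return the first file matching `name` in search order (case-insensitive, as on Windows)."""
    for directory in map(Path, search_dirs):
        if directory.is_dir():
            for entry in sorted(directory.iterdir()):
                if entry.is_file() and entry.name.lower() == name.lower():
                    return entry
    return None

def audit_load(name, search_dirs, trusted_dir):
    """Report where a relative-name load resolves and which earlier directories are writable."""
    trusted = Path(trusted_dir).resolve()
    hit = resolve_dll(name, search_dirs)
    if hit is None:
        status = "missing"
    elif hit.parent.resolve() == trusted:
        status = "ok"
    else:
        status = "shadowed"  # a copy outside the trusted directory wins the search
    exposed = []
    for directory in search_dirs:
        if Path(directory).resolve() == trusted:
            break
        if os.access(directory, os.W_OK):
            exposed.append(str(directory))  # searched before the trusted copy and writable
    return {"status": status,
            "loaded_from": str(hit.parent) if hit else None,
            "writable_before_trusted": exposed}

def demo():
    """Constructed layout: a document folder searched ahead of the trusted system folder."""
    with tempfile.TemporaryDirectory() as root:
        doc_dir, system_dir = Path(root, "document_folder"), Path(root, "system")
        doc_dir.mkdir()
        system_dir.mkdir()
        (system_dir / "vmhgfs.dll").write_bytes(b"")   # stand-in for the legitimate DLL
        relative_order = [doc_dir, system_dir]          # assumed order for a relative load
        before = audit_load("vmhgfs.dll", relative_order, system_dir)
        (doc_dir / "VMHGFS.DLL").write_bytes(b"")       # stand-in for a file beside the document
        after = audit_load("vmhgfs.dll", relative_order, system_dir)
        # Mitigation modelled here: resolve only against the trusted directory (absolute path).
        pinned = audit_load("vmhgfs.dll", [system_dir], system_dir)
        return before, after, pinned

if __name__ == "__main__":
    for label, result in zip(("before", "after", "pinned"), demo()):
        print(label, result)
```

The `before` result already lists the document folder as writable and searched first, which is the exposure to look for even when no shadowing file is present yet.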
Alternatively, this attack could be carried out over the internet if the WebDAV Mini-Redirector is enabled. An attacker who creates a malicious website with WebDAV enabled could lure victims to the site and get them to open one of the documents hosted there.
The other vulnerability is an HTTP header injection problem which affects vCenter Server and ESXi. An attacker can set arbitrary HTTP cookies and responses due to a lack of input validation. This could result in XSS and malicious redirection.