Sunday , February 28 2021
Home / News / DLL Hijacking leads to Code Execution due to VMware Tools Vulnerability
KeePass to stop patching vulnerability to continue making money through ads

DLL Hijacking leads to Code Execution due to VMware Tools Vulnerability

Two security vulnerabilities have been found in VMware tools that could allow hackers to execute code on the user systems. VMware published an advisory on August 5 regarding these two issues.

VMware released an advisory on Thursday, August 5, about two security vulnerabilities in VMware tools that affected many of the company’s products. The issues had been identified and handled earlier, allowing users time to install the patches provided.

The first security vulnerability, the CVE-2016-5330, related to DLL hijacking in VMware Tools’ Windows Version where hackers could execute arbitrary code on the host machine. The issue was highlighted by Yorick Koster who is a researcher as well as co-founder of Dutch security firm Securify.

The problem, according to Koster, lies with VMware Host Guest Client Redirector which is used for the Shared Folders feature. On opening a document using uniform naming convention, the Client Redirector would inject a DLL file called “vmhgfs.dll” into the application used to open the file. The DLL would be loaded from a relative path and Windows would search for it using dynamic-link library search order.

This would enable the malicious user to place the malicious DLL file in a location where it would be loaded before the legitimate file. This could even lead to the system being compromised.

Alternatively, this attack could also be carried out over the internet if the WebDAV Mini-Redirector is enabled. If an attacker creates his or her own malicious website with WebDAV enabled, they could lure the victims to their site and get them to open one of the documents to attack them.

The other vulnerability is an HTTP head injection problem which affects vCenter Server and ESXi. An attacker can set arbitrary HTTP cookies and responses due to lack of input validation. This could result in XSS and malicious redirection.

About Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of, too, a site dedicated to educating people on online privacy and spying.

Check Also

Unblock Facebook at School

Russia to Target Facebook After Attack on Telegram

Following the mass-blocking of millions of IP addresses in the battle against Telegram, Roskomnadzor, the …

Leave a Reply

Your email address will not be published. Required fields are marked *