Lucene search
Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STAR Labs SG Pte. Ltd.ZDI-23-522HistoryMay 01, 2023 - 12:00 a.m.
(Pwn2Own) VMware Workstation UHCI Component Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
2023-05-0100:00:00
Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STAR Labs SG Pte. Ltd.
www.zerodayinitiative.com
22
pwn2own
vmware workstation
uhci component
buffer overflow
privilege escalation
EPSS
0.002
Percentile
53.2%
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the UHCI component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor.
Related
nvd
nvd
CVE-2023-20869
2023-04-25 22:15:09
cvelist
cvelist
CVE-2023-20869
2023-04-25 00:00:00
prion
prion
Stack overflow
2023-04-25 22:15:00
cve
cve
CVE-2023-20869
2023-04-25 22:15:09
kaspersky
kaspersky
KLA49049 Multiple vulnerabilities in VMware Workstation
2023-04-25 00:00:00
malwarebytes
malwarebytes
Update now: Critical flaw in VMWare Fusion and VMWare Workstation
2023-04-28 00:45:00
vmware
vmware
nessus
nessus
VMware Fusion 13.0.x < 13.0.2 Multiple Vulnerabilities (VMSA-2023-0008)
2023-04-25 00:00:00
VMware Workstation 17.0.x < 17.0.2 Multiple Vulnerabilities (VMSA-2023-0008)
2023-04-25 00:00:00
thn
thn
VMware Releases Critical Patches for Workstation and Fusion Software
2023-04-26 07:05:00