Pwnfest drops a nasty surprise on VMware

Drag-and-drop let users escape their VMs

Junghoon Lee. Image: Darren Pauli / The Register

VMware's rushed out a patch for the serious desktop hypervisor bug turned up at the Pwnfest hacker convention.

CVE-2016-7461 is a critical-rated out-of-bounds memory access vuln present in VMware Workstation and VMWare Fusion.

The bug scores a critical rating because it could allow a guest to “execute code on the operating system that runs Workstation or Fusion”, the company's advisory says. That's a big no-no in the virtual world: hypervisors are supposed to contain guests and keep the host OS pristine.

Here's VMware's relevant product and version info:

1

VMware Product Product Version Running on Severity Replace with/ Apply Patch Mitigation/ Workaround
Workstation Pro 12.x Any Critical 12.5.2 Disable DnD and C&P
Workstation Player 12.x Any Critical 12.5.2 None
Fusion Pro, Fusion 8.x Mac OS X Critical 8.5.2 Disable DnD and C&P
ESXi Any ESXi N/A Not affected N/A

The issue was reported by Qinghao Tang and Xinlei Ying of the 360 Marvel Team, and ace hacker “LokiHardt”.

LokiHardt, real name Jung Hoon, had already demonstrated a Microsoft Edge exploit at Pwnfest. ®


Biting the hand that feeds IT © 1998–2017