VMware fixes host privilege escalation bug in Workstation, Player, Horizon View
VMware has issued software updates for VMware Workstation, Player, and Horizon View Client for Windows, which fix relatively serious a host privilege escalation vulnerability (CVE-2015-3650).
Reported by Kyriakos Economou, vulnerability researcher at Nettitude, the bug is the result of VMware Workstation, Player and Horizon View Client for Windows not setting a discretionary access control list (DACL) for one of their processes.
“This may allow a local attacker to elevate their privileges and execute code in the security context of the affected process,” VMware says in an advisory published on Thursday.
Affected product versions include VMware Workstation 11.x and 10.x, VMware Player 7.x and 6.x, and VMware Horizon Client for Windows (with Local Mode Option) 5.x.