VMware issued security advisories for VMware Workstation Pro/Player and VMware Horizon.
The two vulnerabilities in VMware Workstation Pro/Player (workstation), CVE-2019-5511 and CVE-2019-5512, are rated important and concern elevation of privilege issues. The organization said workstation does not handle paths and COM paths appropriately and a successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege or allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
Those affected should upgrade to VMware Workstation Pro 14.1.6, 15.0.3 or VMware Workstation Player 14.1.6, 15.0.3.
The VMware Horizon flaw, CVE-2019-5513, is rated moderate and is due to the VMware Horizon Connection Server containing an information disclosure vulnerability. If exploited this issue may allow disclosure of internal domain names, the Connection Server’s internal name, or the gateway’s internal IP address.
VMware recommends updating to VMware Horizon 7 version 7.8, VMware Horizon 7 version 7.5.2 and VMware Horizon 6 version 6.2.8.
