Author Topic: VMware COM API ActiveX Exploit  (Read 3201 times)

0 Members and 1 Guest are viewing this topic.

September 04, 2008, 06:13:15 pm
Read 3201 times

tjs

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 248
A vulnerability in VMware's COM API ActiveX allows remote attackers to cause it to overflow an internal buffer which in turn can be used to execute abitrary code. Exploit/vuln testing code available here:
http://www.securiteam.com/exploits/5WP040UPFQ.html

From the perspective of MDL and malware analysis-- this vuln can be embedded on malware distribution sites in order to specifically attack machines running in a vmware emulated environment... The class ID to watch out for is:
38DB77F9-058D-4955-98AA-4A9F3B6A5B06. My usual request applies-- please let me know if you find this in the wild, even though I know nobody will. :)

TJS

September 04, 2008, 06:17:06 pm
Reply #1

sowhat-x

  • Guest
...this is certainly gonna be re-used in newer web-based exploit packs...  :-\

September 04, 2008, 08:47:45 pm
Reply #2

CM_MWR

  • Special Members
  • Hero Member

  • Offline
  • *

  • 319
Patch was released some days ago in a update i got,it had 2 others with it as well,both with the same capabilities affecting workstations 5 through 6 but I dont know about player or any other products.