Author Topic: VMware COM API ActiveX Exploit (Read 4348 times)

tjs · September 04, 2008, 06:13:15 pm

A vulnerability in VMware's COM API ActiveX allows remote attackers to cause it to overflow an internal buffer which in turn can be used to execute abitrary code. Exploit/vuln testing code available here:
http://www.securiteam.com/exploits/5WP040UPFQ.html

From the perspective of MDL and malware analysis-- this vuln can be embedded on malware distribution sites in order to specifically attack machines running in a vmware emulated environment... The class ID to watch out for is:
38DB77F9-058D-4955-98AA-4A9F3B6A5B06. My usual request applies-- please let me know if you find this in the wild, even though I know nobody will.

TJS

sowhat-x · September 04, 2008, 06:17:06 pm

...this is certainly gonna be re-used in newer web-based exploit packs... $:-\$

CM_MWR · September 04, 2008, 08:47:45 pm

Patch was released some days ago in a update i got,it had 2 others with it as well,both with the same capabilities affecting workstations 5 through 6 but I dont know about player or any other products.

Author Topic: VMware COM API ActiveX Exploit (Read 4348 times)

tjs

VMware COM API ActiveX Exploit

sowhat-x

Re: VMware COM API ActiveX Exploit

CM_MWR

Re: VMware COM API ActiveX Exploit