
VMware Workstation 15.5.0 build-14665864 crashe… |VMware Communities


There’s a 100% reproducible bug in VMware Workstation 15.5.0 build-14665864.  I’ve only tested on a Windows host.

  1. Install VMware Workstation 15.5.0 build-14665864 on a Windows host.
  2. Install 7-zip on your host.
  3. Drag a file from a 7-zip-opened archive into a VM (any OS, as long as tools are installed)
  4. Enjoy your Stack Buffer Overrun (/GS Exception)

0:000> !exploitable -v

!exploitable 1.6.0.0
HostMachineHostUser
Executing Processor Architecture is x64
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x7ffae6bec4df
Second Chance Exception Type: STATUS_STACK_BUFFER_OVERRUN (0xC0000409)

Exception Hash (Major/Minor): 0xef80f209.0x6a72959b

Hash Usage : Stack Trace:
Major+Minor : ntdll!LdrpICallHandler+0xf
Excluded    : ntdll!RtlpExecuteHandlerForException+0xf
Excluded    : ntdll!RtlDispatchException+0x219
Major+Minor : ntdll!KiUserExceptionDispatch+0x2e
Major+Minor : ntdll!LdrpDispatchUserCallTarget+0xe
Major+Minor : vmware_vmx+0x9618c
Major+Minor : vmware_vmx+0x572d46
Minor       : vmware_vmx+0x57a352
Minor       : vmware_vmx+0x9677f
Minor       : vmware_vmx+0x96a97
Minor       : vmware_vmx+0x58b21
Minor       : vmware_vmx+0x235c50
Minor       : vmware_vmx+0x1683a
Minor       : vmware_vmx+0x16c45
Minor       : vmware_vmx+0x165f8
Minor       : vmware_vmx+0x15639
Minor       : vmware_vmx+0x499c2b
Minor       : vmware_vmx+0xe626
Minor       : vmware_vmx+0xd310
Minor       : vmware_vmx+0xdcfb
Minor       : vmware_vmx+0xb6c2
Minor       : KERNEL32!BaseThreadInitThunk+0x14
Minor       : ntdll!RtlUserThreadStart+0x21
Instruction Address: 0x00007ffae6bec4df

Description: Stack Buffer Overrun (/GS Exception)
Short Description: GSViolation
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - Stack Buffer Overrun (/GS Exception) starting at ntdll!LdrpICallHandler+0x000000000000000f (Hash=0xef80f209.0x6a72959b)

An overrun of a protected stack buffer has been detected. This is considered exploitable, and must be fixed.
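As an added example (not code from the post or from VMware), the following Python parses the key fields of a WinDbg !exploitable report like the one above, so that repeated crashes from a fuzzing or bug-report queue can be bucketed by their Major/Minor hash and the first frame inside the crashing program located without reading each dump by hand. The sample text is a constructed, abridged copy of the output quoted in the post; the `Triage` record and `first_app_frame` helper are this example's own names.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an abridged copy of the !exploitable output quoted in the post above.
SAMPLE = """\
Exception Faulting Address: 0x7ffae6bec4df
Second Chance Exception Type: STATUS_STACK_BUFFER_OVERRUN (0xC0000409)
Exception Hash (Major/Minor): 0xef80f209.0x6a72959b
Hash Usage : Stack Trace:
Major+Minor : ntdll!LdrpICallHandler+0xf
Excluded    : ntdll!RtlpExecuteHandlerForException+0xf
Major+Minor : ntdll!KiUserExceptionDispatch+0x2e
Major+Minor : vmware_vmx+0x9618c
Minor       : KERNEL32!BaseThreadInitThunk+0x14
Exploitability Classification: EXPLOITABLE
"""

@dataclass
class Triage:
    exception_name: str = ""
    exception_code: int = 0
    fault_address: int = 0
    hash_major: str = ""
    hash_minor: str = ""
    classification: str = ""
    frames: list = field(default_factory=list)  # (usage, module, symbol, offset)

# One stack-trace line: "<usage> : module[!symbol]+0xoffset"
FRAME_RE = re.compile(r"^(Major\+Minor|Minor|Excluded)\s*:\s*(\S+?)(?:!(\S+?))?\+(0x[0-9a-fA-F]+)$")

def parse_exploitable(text: str) -> Triage:
    """Parse the key fields of a WinDbg !exploitable report into a Triage record."""
    t = Triage()
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"Exception Faulting Address:\s*(0x[0-9a-f]+)", line, re.I):
            t.fault_address = int(m.group(1), 16)
        elif m := re.match(r"Second Chance Exception Type:\s*(\w+)\s*\((0x[0-9a-f]+)\)", line, re.I):
            t.exception_name, t.exception_code = m.group(1), int(m.group(2), 16)
        elif m := re.match(r"Exception Hash \(Major/Minor\):\s*(0x[0-9a-f]+)\.(0x[0-9a-f]+)", line, re.I):
            t.hash_major, t.hash_minor = m.group(1), m.group(2)
        elif m := re.match(r"Exploitability Classification:\s*(\w+)", line):
            t.classification = m.group(1)
        elif m := FRAME_RE.match(line):
            t.frames.append((m.group(1), m.group(2), m.group(3) or "", int(m.group(4), 16)))
    return t

def first_app_frame(t: Triage, os_modules=("ntdll", "kernel32")) -> str:
    """First frame outside the OS modules: where to start looking in the crashing program."""
    for _, module, symbol, offset in t.frames:
        if module.lower() not in os_modules:
            return f"{module}!{symbol}+{offset:#x}" if symbol else f"{module}+{offset:#x}"
    return ""
```

Grouping reports by `(hash_major, hash_minor)` collapses duplicates of the same crash, while `first_app_frame` points at the `vmware_vmx` offset to take to the vendor (the /GS handler frames above it belong to ntdll).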
