
====================================================================

                             CERT-Renater

                 Information Note No. 2019/VULN429
_____________________________________________________________________

DATE                : 23/12/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Workstation versions 15.x
                     prior to 15.5.1, and VMware Horizon View Agent
                     versions 7.x.x prior to 7.11.0, 7.10.1, 7.5.4.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2019-0023.html
_____________________________________________________________________

Advisory ID             VMSA-2019-0023
Advisory Severity       Moderate
CVSSv3 Range            6.3
Synopsis                VMware Workstation and Horizon View Agent
                        updates address a DLL-hijacking issue
                        (CVE-2019-5539)
Issue Date              2019-12-20
Updated On              2019-12-20 (Initial Advisory)
CVE(s)                  CVE-2019-5539


1. Impacted Products

    VMware Workstation Pro / Player for Linux (Workstation)
    VMware Horizon View Agent (View Agent)


2. Introduction
VMware Workstation and Horizon View Agent contain a DLL-hijacking issue.
Patches are available to remediate this vulnerability in affected VMware
products.


3. DLL hijacking vulnerability via Cortado Thinprint (CVE-2019-5539)

Description:

VMware Workstation and Horizon View Agent contain a DLL hijacking
vulnerability due to insecure loading of a DLL by Cortado Thinprint.
VMware has evaluated the severity of this issue to be in the moderate
severity range with a maximum CVSSv3 base score of 6.3.


Known Attack Vectors:

Successful exploitation of this issue may allow attackers with normal
user privileges to escalate their privileges to administrator on a
Windows machine where Workstation or View Agent is installed.


Resolution:

To remediate CVE-2019-5539, apply the patches listed in the 'Fixed
Version' column of the 'Resolution Matrix' found below.


Workarounds:
None.


Additional Documentation:
None.


Acknowledgements:

VMware would like to thank Peleg Hadar of SafeBreach Labs for reporting
this issue to us.



Response Matrix:

Product      Version  Running On  CVE Identifier  CVSSv3  Severity  Fixed Version              Workarounds  Additional Documents
Workstation  15.x     Windows     CVE-2019-5539   6.3     Moderate  15.5.1                     None         None
View Agent   7.x.x    Windows     CVE-2019-5539   6.3     Moderate  7.11.0 or 7.10.1 or 7.5.4  None         None
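As an added example (not part of the CERT-Renater note or VMware's advisory), a small Python triage helper that encodes the Response Matrix above: it parses installed version strings and reports, for each host in a constructed inventory, whether the build is below the fixed version that applies to it. Two points are this example's own assumptions: a Horizon 7 branch with no in-branch fix (7.6 to 7.9) is mapped to the nearest later fixed build in the matrix, and product versions outside the listed ranges (e.g. Workstation 14.x) are reported as not covered.

```python
from typing import Optional

def parse_version(text: str) -> tuple:
    """'7.10.1' -> (7, 10, 1), right-padded so '15.5' compares as 15.5.0."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts) + (0,) * (3 - len(parts))

def fixed_version_for(product: str, version: str) -> Optional[str]:
    """Fixed build from the Response Matrix that applies to this install,
    or None when the advisory does not cover the product/major version."""
    major, minor = parse_version(version)[:2]
    if product == "Workstation":
        return "15.5.1" if major == 15 else None
    if product == "View Agent" and major == 7:
        # Assumption: a 7.x branch with no in-branch fix (7.6 to 7.9) is
        # mapped to the nearest later fixed build listed in the matrix.
        return "7.5.4" if minor <= 5 else "7.10.1" if minor <= 10 else "7.11.0"
    return None

def is_affected(product: str, version: str) -> Optional[bool]:
    """True below the fixed build, False at or above it, None if uncovered."""
    fix = fixed_version_for(product, version)
    return None if fix is None else parse_version(version) < parse_version(fix)

# Constructed sample inventory (host, product, version); not real hosts.
INVENTORY = [
    ("ws-01", "Workstation", "15.5.0"),
    ("ws-02", "Workstation", "15.5.1"),
    ("ws-03", "Workstation", "14.1.7"),
    ("vdi-01", "View Agent", "7.5.3"),
    ("vdi-02", "View Agent", "7.8.0"),
    ("vdi-03", "View Agent", "7.10.1"),
]

def triage(inventory) -> dict:
    """Per-host verdict: 'patch to <fix>', 'fixed' or 'not covered'."""
    verdicts = {}
    for host, product, version in inventory:
        state = is_affected(product, version)
        if state is None:
            verdicts[host] = "not covered"
        elif state:
            verdicts[host] = f"patch to {fixed_version_for(product, version)}"
        else:
            verdicts[host] = "fixed"
    return verdicts
```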


4. References

VMware Workstation 15.5.1
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html


VMware Workstation Player 15.5.1
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html


VMware Horizon View Agent 7.11.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_11

https://docs.vmware.com/en/VMware-Horizon-7/7.11/rn/horizon-711-view-release-notes.html


VMware Horizon View Agent 7.10.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_10

https://docs.vmware.com/en/VMware-Horizon-7/7.10.1/rn/horizon-7101-view-release-notes.html


VMware Horizon View Agent 7.5.4
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon/7_5
https://docs.vmware.com/en/VMware-Horizon-7/7.5.4/rn/horizon-754-view-release-notes.html


Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5539


FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N


5. Change log

2019-12-20 : VMSA-2019-0023
Initial security advisory in conjunction with the release of Horizon
View Agent 7.10.1 and 7.5.4.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce


This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org



E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055


VMware Security Advisories
https://www.vmware.com/security/advisories


VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html



VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html


VMware Security & Compliance Blog
https://blogs.vmware.com/security


Twitter
https://twitter.com/VMwareSRC



Copyright 2019 VMware Inc. All rights reserved.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================