VMware Workstation enables host OS vulnerable to manipulation com1 port

Jun

22

2015

A Google security researcher has published a vulnerability in VMware Workstation. By manipulated content to print from a guest operating system via the virtual com1 port allows malicious code to be run on the host operating system.

In VMware Workstation Windows host operating system is installed and running a virtual com1 standard printer port. This component, vprintproxy.exe, makes it possible to display on the guest operating system print jobs which are then copied to the print spooler to the underlying host system. But Kostya Kortchinsky of the Google Security Team has found a vulnerability in the handling of printer commands from the host system. After the bugs at VMware have raised and after the release of an update of VMware Workstation to version 11.1.1 has Kortchinsky leak published , including exploit code.

The bugs can be exploited by from the host system specially customized content, such as sending a specially malformed JPEG2000 file to com1 port. Therefore no administrator access is required. Because of the errors in vprintproxy.exe malicious code can be started on the host system.

The security problem can be remedied by VMware to update to the latest version. An administrator can also choose to turn off completely the virtual printer settings, so vprintproxy.exe no longer running in the background.

Viewing:-191

In: Technology & Gadgets Asked By: [15780 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »