CVE-2018-6983 VMware Workstation and Fusion updates address an integer overflow issue – 22nd Nov 2018

Preface:
VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems (an x86 version of earlier releases was available); it enables users to set up virtual machines (VMs) on a single physical machine and use them simultaneously along with the actual machine.

Findings:
VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

Official announcement and Remedy:
https://www.vmware.com/security/advisories/VMSA-2018-0030.html

Comment:
The public announcement did not provide the technical details. However, I suspected that a design weakness in the TrueType font parser (embedded in TPView.dll) had not been remediated. A similar vulnerability was found last year. The CVE reference number is CVE-2017-4913.

Remark: Have a happy Black Friday, but not for this vulnerability. Yes, this is the shopping on AWS, etc. Happy hunting.

