CVE-2015-3650

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 7.x through 10.x before 10.0.7 VMware Workstation versions 11.x before 11.1.1 VMware Player versions 5.x and 6.x before 6.0.7 VMware Player versions 7.x before 7.1.1 VMware Horizon Client versions 5.x local-mode before 5.4.2

Description The issue arises from vmware-vmx.exe not providing a valid DACL pointer during the setup of the vprintproxy.exe process. This allows host OS users to gain host OS privileges by injecting a thread.

Recommendations For VMware Workstation versions 7.x through 10.x before 10.0.7, update to version 10.0.7 or later. For VMware Workstation versions 11.x before 11.1.1, update to version 11.1.1 or later. For VMware Player versions 5.x and 6.x before 6.0.7, update to version 6.0.7 or later. For VMware Player versions 7.x before 7.1.1, update to version 7.1.1 or later. For VMware Horizon Client versions 5.x local-mode before 5.4.2, update to version 5.4.2 or later.