Vigil@nce - VMware Workstation: information disclosure via vmx86
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read an arbitrarily chosen fragment of the
MS-Windows kernel memory via the vmx86 driver of VMware
Workstation, in order to obtain sensitive information.
Impacted products: VMware Workstation
Severity: 2/4
Creation date: 05/11/2014
DESCRIPTION OF THE VULNERABILITY
The VMware Workstation product includes a kernel device driver
named vmx86.sys.
To communicate with a kernel driver, applications use the system
call DeviceIoControlFile. One of the operations defined by the
driver and callable with DeviceIoControlFile allows the calling
process to get a copy of kernel memory starting at an address
chosen by the user process. The purpose of this device interface
is unknown.
A local attacker can therefore read an arbitrarily chosen fragment
of the MS-Windows kernel memory via the vmx86 driver of VMware
Workstation, in order to obtain sensitive information.
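As an added illustration (not code from this bulletin or from VMware), the following user-mode C model contrasts a request handler that trusts a caller-supplied source address with one that confines reads to a buffer the driver intends to expose. The request layout, buffer names and function names are hypothetical; the real vmx86 interface is not described in this bulletin.

```c
/* Added example: user-mode model of a driver "read memory" request.
 * All names and the request layout are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct read_req { uintptr_t src; size_t len; };  /* caller-controlled fields */

static uint8_t shared_region[256];  /* memory the driver means to expose */
static uint8_t secret[64];          /* stands in for unrelated kernel data */

/* Flawed pattern: the source address is used exactly as supplied. */
int handle_read_unchecked(const struct read_req *req, uint8_t *out, size_t out_len)
{
    if (req->len > out_len) return -1;
    memcpy(out, (const void *)req->src, req->len);
    return 0;
}

/* Hardened pattern: [src, src+len) must lie inside shared_region. */
int handle_read_checked(const struct read_req *req, uint8_t *out, size_t out_len)
{
    uintptr_t base = (uintptr_t)shared_region;
    if (req->len == 0 || req->len > out_len) return -1;
    if (req->src < base) return -1;
    size_t off = req->src - base;
    if (off >= sizeof shared_region) return -1;
    /* Compare against the remaining space so the check cannot wrap. */
    if (req->len > sizeof shared_region - off) return -1;
    memcpy(out, shared_region + off, req->len);
    return 0;
}

int main(void)
{
    uint8_t out[32] = {0};
    memset(secret, 0x5A, sizeof secret);            /* constructed sample data */
    struct read_req r = { (uintptr_t)secret, 16 };  /* address outside shared_region */
    int rc = handle_read_unchecked(&r, out, sizeof out);
    printf("unchecked: rc=%d first=0x%02X\n", rc, out[0]);
    memset(out, 0, sizeof out);
    rc = handle_read_checked(&r, out, sizeof out);
    printf("checked:   rc=%d first=0x%02X\n", rc, out[0]);
    return 0;
}
```

In a real driver the same range check belongs in the IOCTL dispatch routine, before any copy into the caller's output buffer.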
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/VMWare-Workstation-information-disclosure-via-vmx86-15594