DLL Hijacking leads to Code Execution due to VMware Tools Vulnerability

Two security vulnerabilities have been found in VMware Tools that could allow hackers to execute code on users' systems. VMware published an advisory on August 5 regarding these two issues.

VMware released an advisory on Thursday, August 5, about two security vulnerabilities in VMware Tools that affected many of the company’s products. The issues had been identified and handled earlier, allowing users time to install the patches provided.

The first security vulnerability, CVE-2016-5330, is a DLL hijacking issue in the Windows version of VMware Tools that could let hackers execute arbitrary code on the host machine. The issue was reported by Yorick Koster, a researcher and co-founder of the Dutch security firm Securify.

The problem, according to Koster, lies with the VMware Host Guest Client Redirector, which is used for the Shared Folders feature. When a document is opened using a Uniform Naming Convention (UNC) path, the Client Redirector injects a DLL file called “vmhgfs.dll” into the application used to open the file. The DLL is loaded from a relative path, so Windows searches for it using the dynamic-link library search order.

This would enable a malicious user to place a malicious DLL file in a location where it would be loaded before the legitimate file. This could even lead to the system being compromised.
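The search-order behaviour described above can be modelled to audit where a bare-name DLL load would resolve. This is an added example, not code from VMware, Securify or the original article; the directory layout, the `ExampleTools` path and the trusted roots are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

def search_order(app_dir, cwd, path_dirs, safe_mode=True):
    """Directories Windows probes, in order, for a DLL requested by bare name
    (standard desktop search order; safe_mode models SafeDllSearchMode)."""
    fixed = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]
    if safe_mode:
        return [app_dir, *fixed, cwd, *path_dirs]
    return [app_dir, cwd, *fixed, *path_dirs]

def is_trusted(directory, trusted_roots):
    """True if directory is one of the admin-only roots or lies beneath one."""
    d = ntpath.normcase(ntpath.normpath(directory))
    for root in trusted_roots:
        r = ntpath.normcase(ntpath.normpath(root))
        if d == r or d.startswith(r + "\\"):
            return True
    return False

def audit_load(dll, order, existing, trusted_roots):
    """Return (path that would be loaded or None, untrusted directories
    probed before it). Each directory in the second value is searched
    ahead of the legitimate file, so a copy found there would load first."""
    present = {ntpath.normcase(p) for p in existing}
    exposed = []
    for d in order:
        candidate = ntpath.join(d, dll)
        if ntpath.normcase(candidate) in present:
            return candidate, exposed
        if not is_trusted(d, trusted_roots):
            exposed.append(d)
    return None, exposed

# Constructed layout (assumption, not taken from the advisory).
APP_DIR = r"C:\Program Files\Viewer"
DOC_DIR = r"\\fileserver\share\docs"          # document folder = current directory
TOOLS_DIR = r"C:\Program Files\ExampleTools"  # legitimate DLL, reached via PATH
TRUSTED = [r"C:\Windows", r"C:\Program Files"]
LEGIT = ntpath.join(TOOLS_DIR, "vmhgfs.dll")

if __name__ == "__main__":
    order = search_order(APP_DIR, DOC_DIR, [TOOLS_DIR])
    winner, exposed = audit_load("vmhgfs.dll", order, {LEGIT}, TRUSTED)
    print("loaded:", winner)
    print("untrusted directories searched first:", exposed)
```

Loading the DLL by its full path, rather than a relative one, removes every entry from the second return value.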

Alternatively, this attack could also be carried out over the internet if the WebDAV Mini-Redirector is enabled. If an attacker creates his or her own malicious website with WebDAV enabled, they could lure the victims to their site and get them to open one of the documents to attack them.

The other vulnerability is an HTTP header injection problem which affects vCenter Server and ESXi. An attacker can set arbitrary HTTP cookies and responses due to lack of input validation. This could result in XSS and malicious redirection.

About Ali Raza

Ali is a freelance journalist with 5 years of experience in web journalism and marketing. He contributes to various online publications. With a master's degree, he now combines his passions by writing about internet security and technology. When he is not working, he loves traveling and playing games.
