VMware Workstation and Fusion CVE-2018-6983 Local Integer Overflow Vulnerability

Bugtraq ID:	105986
Class:	Input Validation Error
CVE:	CVE-2018-6983
Remote:	No
Local:	Yes
Published:	Nov 22 2018 12:00AM
Updated:	Nov 22 2018 12:00AM
Credit:	Tianwen Tang of Qihoo 360Vulcan Team working with the Tianfu Cup 2018 International Pwn Contest.
Vulnerable:	VMWare Workstation 15.0.1 VMWare Workstation 14.1.4 VMWare Workstation 14.1.3 VMWare Workstation 14.1.1 VMWare Workstation 14.1 VMWare Workstation 15.0 VMWare Workstation 14.1.2 VMWare Workstation 14.0 VMWare Fusion 11.0.1 VMWare Fusion 10.1.4 VMWare Fusion 10.1.3 VMWare Fusion 10.1.2 VMWare Fusion 10.1.1 VMWare Fusion 11.0 VMWare Fusion 10.1 VMWare Fusion 10.0
Not Vulnerable:	VMWare Workstation 15.0.2 VMWare Workstation 14.1.5 VMWare Fusion 11.0.2 VMWare Fusion 10.1.5

VMware Workstation and Fusion CVE-2018-6983 Local Integer Overflow Vulnerability

VMware Workstation and Fusion are prone to an local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

A local attacker can leverage this issue to execute arbitrary code on the host. Failed attempts may lead to denial-of-service conditions.

VMware Workstation and Fusion CVE-2018-6983 Local Integer Overflow Vulnerability

Exploitation of this issue was demonstrated at the Pwn contest, but the exploit is not publicly available.

VMware Workstation and Fusion CVE-2018-6983 Local Integer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

VMware Workstation and Fusion CVE-2018-6983 Local Integer Overflow Vulnerability

References:

• VMware Homepage (VMware)
  
• VMSA-2018-0030: VMware Workstation and Fusion updates address an integer overfl (VMware)