漏洞描述
该整数下溢漏洞存在于 VMCI(虚拟机通信接口)中,可能导致越界写入。攻击者必须拥有虚拟机的本地管理员权限才能利用该漏洞。攻击者可以利用该漏洞以虚拟机在主机上运行的 VMX 进程的身份执行代码。
在 ESXi 上,漏洞利用过程包含在 VMX 沙箱中;而在 Workstation 和 Fusion 上,漏洞利用可能导致在安装 Workstation 或 Fusion 的宿主机上执行代码。
VMware ESXi、Workstation、Fusion VMCI 整数下溢漏洞
PoC代码
暂无相关漏洞推荐
- Adobe ColdFusion /hax/..CFIDE/wizards/common/utils.cfc 权限绕过漏洞(CVE-2023-38205)
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2010-2861: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
- POC CVE-2017-3506: Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution
- POC CVE-2018-15961: Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
- POC CVE-2018-2791: Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting
- POC CVE-2018-3238: Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
- POC CVE-2018-8727: Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion
- POC CVE-2019-2578: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control
- POC CVE-2019-2579: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection
- POC CVE-2020-14864: Oracle Fusion - Directory Traversal/Local File Inclusion
- POC CVE-2020-14883: Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution
- POC CVE-2020-24949: PHP-Fusion 9.03.50 - Remote Code Execution