[Tool] CVE-2017-4901: VMware WorkStation <12.5.5 Escape Exploit
What is CVE-2017-4901?
The drag-and-drop (DnD) function in VMware Workstation and Fusion has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.
Workaround
On Workstation Pro and Fusion, the issue cannot be exploited if both the drag-and-drop function and the copy-and-paste (C&P) function are disabled. Refer to the Reference section for documentation on how to disable these functions. This workaround is not available on Workstation Player.
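The workaround above is a per-VM configuration change, so the practical check for a defender is whether each VM's `.vmx` file actually carries it. The following is an added example, not part of the advisory or of the exploit README: it parses `.vmx` text and reports, for each of the three isolation keys that the VMware hardening guides use to disable the DnD and copy/paste channels (`isolation.tools.dnd.disable`, `isolation.tools.copy.disable`, `isolation.tools.paste.disable`), whether the key is set to `TRUE`, set to something weaker, or missing. The two `.vmx` fragments are constructed samples; the key names are assumed to be the documented ones, and keys are compared case-insensitively here. Passing the audit does not replace updating to 12.5.5 or later, and the page notes the workaround does not apply to Workstation Player.

```python
"""Audit a VMware .vmx file for the DnD / copy-paste isolation settings.

Added example; not code from the advisory or the exploit README.
Assumption: the isolation.tools.* keys below are the ones documented in
VMware's hardening guides. Both sample .vmx texts are constructed.
"""
import re

# Keys that, when set to TRUE, disable the guest<->host DnD and C&P channels.
REQUIRED_TRUE = (
    "isolation.tools.dnd.disable",
    "isolation.tools.copy.disable",
    "isolation.tools.paste.disable",
)

# key = "value"  (quotes optional); '#' starts a comment line
_LINE_RE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"?([^"]*)"?\s*$')


def parse_vmx(text: str) -> dict:
    """Return {key: value} from .vmx text. Keys are lower-cased so that
    comparisons are case-insensitive; blank and comment lines are skipped."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def audit_vmx(text: str) -> dict:
    """Return {key: status} with status 'ok' (TRUE), 'weak' (present but
    not TRUE) or 'missing' for each required isolation key."""
    settings = parse_vmx(text)
    report = {}
    for key in REQUIRED_TRUE:
        value = settings.get(key)
        if value is None:
            report[key] = "missing"
        elif value.upper() == "TRUE":
            report[key] = "ok"
        else:
            report[key] = "weak"
    return report


def is_mitigated(text: str) -> bool:
    """True only when all three channels are disabled in the .vmx."""
    return all(status == "ok" for status in audit_vmx(text).values())


# Constructed sample: a VM where copy is explicitly enabled and the
# other two keys are absent (absent means the channel stays enabled).
WEAK_VMX = '''.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "12"
displayName = "lab-guest"
isolation.tools.copy.disable = "FALSE"
'''

# Constructed sample: the same VM with the workaround applied.
HARDENED_VMX = '''.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "12"
displayName = "lab-guest"
# disable guest<->host DnD and copy/paste
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"
'''

if __name__ == "__main__":
    for name, text in (("weak", WEAK_VMX), ("hardened", HARDENED_VMX)):
        print(f"{name}: {audit_vmx(text)} mitigated={is_mitigated(text)}")
```

To audit a real inventory, read each VM's `.vmx` file and pass its contents to `audit_vmx`; any key reported as `weak` or `missing` means that VM still exposes the channel the advisory describes.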
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4901 to this issue.
VMware Escape Exploit
VMware Escape Exploit before VMware WorkStation 12.5.5
Host Target: Win10 x64
Compiler: VS2013
Test on VMware 12.5.2 build-4638234
Known issues
- Failed heap manipulation causes the host process to crash.
- Not quite elaborate because I’m not good at doing heap “fengshui” on the Windows LFH.
FAQ
- Q: Error when rebooting VMware after the process crashes.
- A: Just remove the *.lck folder in your VM directory, or wait a while and have a coffee :). Here is a simple script I used to clean up.