Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: VMware Virtual Image Editing Framework 4.0.0 build-111735
Date: 05/09/2011
Product: VMware Virtual Image Editing Framework 4.0.0 build-111735
Vendor Notified: VMware Inc.
We have discovered that the product “VMware Virtual Image Editing Framework 4.0.0 build-111735” contains a serious flaw: an access violation that crashes the application when special code is run.
Affected executables:
C:\Program Files\VMware\VMware Workstation\pkg\vmware-acetool.exe
C:\Program Files\VMware\VMware Workstation\pkg\pkt_deploy.exe
C:\Program Files\VMware\VMware Workstation\pkg\bulkDeploy.exe
C:\Program Files\VMware\VMware Workstation\Resources\deployPkg.exe
C:\Program Files\VMware\VMware Workstation\Resources\imgCustFinalization.exe

Dump Summary
Address = 68B572E4 so on.
Access violation when reading [68B572E4] – Shift+Run/Step to pass exception to the program
A stack buffer overrun occurred in “C:\Program Files\VMware\VMware Workstation\pkg\vmware-acetool.exe”:
Debug string: This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.
Dump File: bulk.dmp : C:\Users\ivan\AppData\Local\VirtualStore\Program Files\Debugging Tools for Windows (x86)\bulk.dmp
Last Write Time: 04/09/2011 10:33:39 a.m.
Process Name: bulkDeploy.exe : C:\Program Files\VMware\VMware Workstation\pkg\bulkDeploy.exe
Process Architecture: x86
Exception Code: 0xC0000135
Exception Information:
Heap Information: Present
System Information
OS Version: 6.0.6002
CLR Version(s):
Modules
Module Name | Module Path | Module Version
bulkDeploy.exe | C:\Program Files\VMware\VMware Workstation\pkg\bulkDeploy.exe | 7.0.0.9911
ntdll.dll | C:\Windows\System32\ntdll.dll | 6.0.6002.18327
kernel32.dll | C:\Windows\System32\kernel32.dll | 6.0.6002.18449
msvcr80.dll | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll | 8.0.50727.4053
msvcrt.dll | C:\Windows\System32\msvcrt.dll | 7.0.6002.18005
*** A stack buffer overrun occurred in “C:\Program Files\VMware\VMware Workstation\pkg\vmware-acetool.exe”:
Debug string: This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.
Debug string: If this bug ends up in the shipping product, it could be a severe security hole.
Debug string: The stack trace should show the guilty function (the function directly above __report_gsfailure).
Debug string: *** enter .exr 7707A310 for the exception record
Debug string: *** then kb to get the faulting stack
————————————————- so on ——————————————————–
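
A dump summary like the one above can be cross-checked mechanically during triage. The following is an added example, not part of the original advisory or of any VMware or Microsoft tool: it decodes the recorded NTSTATUS exception code into its bit fields and reports whether it agrees with the crash classes named in the debugger messages, and whether the dumped process is the image named in the overrun message. The function names and the sample text (four lines taken from the summary) are assumptions of this example.

```python
import re

# NTSTATUS values relevant to triaging this kind of crash.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
# Phrases found in debugger output, mapped to the code each one implies.
CLAIMS = {"access violation": 0xC0000005, "stack buffer overrun": 0xC0000409}

def decode_ntstatus(code):
    """Split a 32-bit NTSTATUS into its severity, facility and code fields."""
    return {
        "name": NTSTATUS_NAMES.get(code, "UNKNOWN"),
        "severity": ("SUCCESS", "INFORMATIONAL", "WARNING", "ERROR")[code >> 30],
        "facility": (code >> 16) & 0x0FFF,
        "code": code & 0xFFFF,
    }

def triage(summary):
    """Decode the recorded exception code and list what disagrees with it."""
    m = re.search(r"Exception Code:\s*0x([0-9A-Fa-f]{8})\b", summary)
    if not m:
        raise ValueError("no 'Exception Code:' field in summary")
    recorded = int(m.group(1), 16)
    text = summary.lower()
    mismatches = sorted(NTSTATUS_NAMES[c] for p, c in CLAIMS.items()
                        if p in text and c != recorded)
    # The dumped process and the image named in the overrun message may differ.
    proc = re.search(r"Process Name:\s*(\S+\.exe)", summary)
    image = re.search(r'overrun occurred in .*?([^\\"“”]+\.exe)', summary)
    differ = bool(proc and image) and proc.group(1).lower() != image.group(1).lower()
    return {"recorded": decode_ntstatus(recorded), "mismatches": mismatches,
            "process_mismatch": differ}

# Constructed sample: four lines taken from the dump summary in this advisory.
SAMPLE = """\
Access violation when reading [68B572E4]
A stack buffer overrun occurred in "C:\\Program Files\\VMware\\VMware Workstation\\pkg\\vmware-acetool.exe":
Process Name: bulkDeploy.exe : C:\\Program Files\\VMware\\VMware Workstation\\pkg\\bulkDeploy.exe
Exception Code: 0xC0000135
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty `mismatches` list or a true `process_mismatch` means the summary combines evidence that should be confirmed against the dump itself, for example with the `.exr` and `kb` commands the debugger output suggests.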