Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: firstname.lastname@example.org
Versions: VMware Virtual Image Editing Framework 4.0.0 build-111735
Product: VMware Virtual Image Editing Framework
Vendor Notified: VMware Inc.
We have discovered that the product “VMware Virtual Image Editing Framework 4.0.0 build-111735″ presents a big hole as regard to DLL hijacking;The basis of this exploit is the way in which Python works and how it loads DLL files used by many applications, if an application calls a DLL without specifying an absolute path Windows will conduct a search for the DLL file in various set locations.