exploit-db-mirror/exploits/windows/local/47714.md
Offensive Security 8162754975 DB: 2019-11-26
9 changes to exploits/shellcodes

SMPlayer 19.5.0 - Denial of Service (PoC)
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)

ClamAV < 0.102.0 - 'bytecode_vm' Code Execution
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
VMware WorkStation 12.5.5 - Virtual Machine Escape
VMware WorkStation 12.5.3 - Virtual Machine Escape
2019-11-26 05:01:44 +00:00

VMware Escape Exploit

VMware escape exploit for VMware Workstation versions before 12.5.5

Host Target: Win10 x64

Compiler: VS2013

Tested on VMware 12.5.2 build-4638234

Known issues

  • Failed heap manipulation causes the host process to crash.
  • Not quite elaborate because I'm not good at doing heap "fengshui" on Windows LFH.

FAQ

  • Q: Error when restarting VMware after the process crashes.
  • A: Just remove the *.lck folder in your VM directory, or wait a while and have a coffee :). Here is a simple script I used to clean up.

EDB Note ~ Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47714.zip