CVE-2019-5539

VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10.x prior to 7.10.1 and 7.5.x prior to 7.5.4) contain a DLL hijacking vulnerability due to insecure loading of a DLL by Cortado Thinprint. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to administrator on a Windows machine where Workstation or View Agent is installed.

Published: Dec 23, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5539
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-427

Affected Software
References

Software	From	Fixed in
vmware / horizon_view_agent	7.5.0	7.5.4
vmware / horizon_view_agent	7.10.0	7.10.1
vmware / workstation	15.0.0	15.5.1

https://www.vmware.com/security/advisories/VMSA-2019-0023.html

Vulnerability Database

289,599

CVE-2019-5539