ZDI-23-521: (Pwn2Own) VMware Workstation UHCI Component Uninitialized Variable Information Disclosure Vulnerability | allinfosecnews.com

May 1, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.

attackers code disclosure exploit high information information disclosure information disclosure vulnerability local order privileged pwn2own sensitive sensitive information system target variable vmware vmware workstation vulnerability workstation zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers bluetooth code +20

ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-432: Dassault Systèmes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +17

ZDI-24-431: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 6 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

SITEC - Pen Tester

@ Peraton | MacDill AFB, FL, United States

View on infosec-jobs.com

Information Security Specialist (Sr. OT Security Engineer)

@ Vertiv | Philippines

View on infosec-jobs.com

Product Security Engineer

@ Anduril | Costa Mesa, California, United States

View on infosec-jobs.com

Cybersecurity Tools Engineer

@ Uni Systems | Mons, Wallonia, Belgium

View on infosec-jobs.com

Baseband Security Lead

@ Babcock | Corsham, GB, SN13 9NP

View on infosec-jobs.com

Cyber Network Defense Analyst III

@ KBR, Inc. | VA149: 1110 N Glebe Road Arlington 1110 North Glebe Road Suite 630, Arlington, VA, 22201 USA

View on infosec-jobs.com