发布日期：2019-03-30
更新日期：2019-04-03

受影响系统：

VMWare Workstation 14.x < 14.1.6
VMWare Fusion 10.x < 10.1.6

描述：

---

BUGTRAQ  ID: 107635
CVE(CAN) ID: CVE-2019-5524

VMware Workstation是一套虚拟机软件。VMware Fusion是一套专用于在苹果机（Mac）上运行Windows应用程序的的虚拟机软件。

VMware Workstation和Fusion在e1000虚拟网卡实现中存在越界写操作安全漏洞，成功利用后可使客户端用户在主机上执行任意代码或导致拒绝服务。

<*来源：Zhangyanyu
  
  链接：https://www.vmware.com/security/advisories/VMSA-2019-0005.html
*>

建议：

---

厂商补丁：

VMWare
------
VMWare已经为此发布了一个安全公告（VMSA-2019-0005）以及相应补丁:
VMSA-2019-0005：VMware ESXi, Workstation and Fusion updates address multiple security issues
链接：https://www.vmware.com/security/advisories/VMSA-2019-0005.html

补丁下载：

ESXi 6.7

Downloads:  https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-201903001.html



ESXi 6.5  
Downloads: https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201903001.html



ESXi 6.0  
Downloads: https://my.vmware.com/group/vmware/patch

Documentation: https://docs.vmware.com/en/VMware-vSphere/6.0/rn/esxi600-201903001.html



VMware Workstation Pro 14.1.6, 14.1.7, 15.0.3, 15.0.4
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html



VMware Workstation Player 14.1.6, 14.1.7, 15.0.3, 15.0.4
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html



VMware Fusion Pro / Fusion 10.1.6, 11.0.3
Downloads and Documentation:

https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

浏览次数：3345
严重程度：0（网友投票）