Subscribe via feed.

VMware Fusion USB Arbitrator Setuid Privilege Escalation

Posted by deepcore on April 3, 2020 – 2:13 pm

This Metasploit module exploits an improper use of setuid binaries within VMware Fusion versions 10.1.3 through 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home directory in a specific folder, and creating a hard link to the Open VMware USB Arbitrator Service binary, we are able to launch it temporarily to start our payload with an effective UID of 0.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.