Summary:DBAppsecurity Security Research Team discovered a code execution vulnerability exists in the VMware Server Console. An attacker can execute arbitrary code on the affected system by exploiting this vulnerability.

Impact:code execution

Risk:Medium

Affected Software:VMware Server Console 1.0.5 build-80187

Detail:
(1694.115c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0013ea41 ebx=02cc8618 ecx=0013ffe6 edx=0013ecfb esi=00140000 edi=7c365b52
eip=7c365baf esp=0013e798 ebp=0013e79c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
MSVCR71!_makepath+0x5d:
7c365baf 8806 mov byte ptr [esi],al ds:0023:00140000=41
0:000> k
ChildEBP RetAddr
0013e79c 029c8722 MSVCR71!_makepath+0x5d
WARNING: Stack unwind information not available. Following frames may be wrong.
0013ece8 41414141 vmapputil!Ordinal202+0xf2
0013ecec 41414141 0x41414141
0013ecf0 41414141 0x41414141
0013ecf4 41414141 0x41414141
0013ecf8 41415c41 0x41414141
0013ecfc 41414141 0x41415c41
0013ed00 41414141 0x41414141
0013ed04 41414141 0x41414141
0013ed08 41414141 0x41414141
0013ed0c 41414141 0x41414141
0013ed10 5c414141 0x41414141
0013ed14 41414141 0x5c414141
0013ed18 41414141 0x41414141
0013ed1c 41414141 0x41414141
0013ed20 41414141 0x41414141
0013ed24 41414141 0x41414141
0013ed28 41414141 0x41414141
0013ed2c 41415c41 0x41414141
0013ed30 41414141 0x41415c41
0:000> !exchain
0013ed04: 41414141
Invalid exception stack at 41414141

CVE Information:CVE ID:To come.

Acknowledgment:DBAppsecurity Security Research Team (Shennan Wang)

About DBAppsecurity:DBAPPSecurity is a company focused on Application security and Database security.

Disclaimer:None of this information shall be abused.

Contact:info@dbAppSecurity.com