Intrusion Prevention

VMware.Host.Guest.Client.Redirector.DLL.Side.Loading

Description

This indicates an attack attempt against an Insecure Library Loading vulnerability in VMware Tools.
This vulnerability is due to a design flaw in VMware Tools' module when handling DLL loading. The attacker can exploit this to upload malicious DLL file to take control of the affected system by luring a user to open a document in an attacker's share drive.

Affected Products

VMware Tools for Windows version 10.0.5 and prior
VMware workstation Pro version 12.1 and prior
VMware workstation Player version 12.1 and prior
VMware ESXI version 5.0, 5.1, 5.5 and 6.0
VMware Fusion version 8.1 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.vmware.com/in/security/advisories/VMSA-2016-0010.html

CVE References

CVE-2016-5330