I would like to download a file but I am not sure if the file has a virus in it, so I have decided to use a vm to access the website, the question now is this, assuming the file has some kind of virus in it, can the virus break out of the VM and then infect the host?
Asked
Active
Viewed 2,084 times
1 Answers
1
It's possible:
According to a security advisory posted by VMware, 360 Security technically exploited a heap buffer overflow (CVE-2017-4902) and uninitialized stack memory usage vulnerability (CVE-2017-4903) in SVGA, a virtual graphics driver in the hypervisor. The issue that Team Sniper managed to exploit was an uninitialized memory usage vulnerability (CVE-2017-4904) in ESXi, Workstation, and Fusion XHCI. A similar uninitialized memory usage vulnerability (CVE-2017-4905) could have led to an information leak on ESXi, Workstation, and Fusion. All of vulnerabilities, as the teams demonstrated, could have allowed a guest to execute code on the host.
From https://threatpost.com/vmware-patches-pwn2own-vm-escape-vulnerabilities/124629/
robinCTS
- 4,407
user919376
- 11