VMware Workstation makes host OS vulnerable to COM1 port manipulation
A Google security researcher has published a vulnerability in VMware Workstation. Printing manipulated content from a guest operating system through the virtual COM1 port can run malicious code on the host operating system.
VMware Workstation with Windows as host operating system installs and launches a virtual COM1 printer port by default. This component, vprintproxy.exe, makes it possible to issue print commands on the guest operating system which are then copied to the print spooler on the underlying host system. However, Kostya Kortchinsky of the Google Security Team has found a vulnerability in the handling of printer commands from the guest system. After he reported the bugs to VMware and VMware released an update of VMware Workstation to version 11.1.1, Kortchinsky published the vulnerability, including exploit code.
The bugs can be exploited by sending specially modified content, such as a manipulated JPEG2000 file, to the COM1 port from the guest system. This does not require administrator access. The errors in vprintproxy.exe allow malicious code to be run on the host system.
The security problem can be solved by updating VMware to the latest version. A system administrator can also choose to completely disable the virtual printer in the settings, so that vprintproxy.exe no longer runs in the background.
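To check whether the two mitigations above are in place, the following added example (not code from the article or from VMware) flags guests that still have a virtual printer port and compares an installed version against the 11.1.1 update named above. It assumes the virtual printer appears in a guest's .vmx file as a serial device with `fileType` set to `thinprint`; the function names and the sample .vmx content are constructed for illustration.

```python
import re

# Assumption (not from the article): a Workstation virtual printer shows up in
# a guest's .vmx as a serial device whose fileType is "thinprint".
_SERIAL_LINE = re.compile(r'^\s*(serial\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def virtual_printer_ports(vmx_text):
    """Return the serial devices in a .vmx that are enabled virtual printers."""
    devices = {}
    for line in vmx_text.splitlines():
        if line.lstrip().startswith("#"):      # skip comment lines
            continue
        m = _SERIAL_LINE.match(line)
        if m:
            dev, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            devices.setdefault(dev, {})[key] = value
    return sorted(
        dev for dev, cfg in devices.items()
        if cfg.get("filetype", "").lower() == "thinprint"
        and cfg.get("present", "FALSE").upper() == "TRUE"
    )

def is_patched(version, fixed="11.1.1"):
    """True if a dotted version string is at or above the fixed release."""
    def parse(v):
        m = re.match(r"\d+(?:\.\d+)*", v.strip())
        if not m:
            raise ValueError(f"unrecognised version: {v!r}")
        return tuple(int(p) for p in m.group(0).split("."))
    a, b = parse(version), parse(fixed)
    width = max(len(a), len(b))
    pad = lambda t: t + (0,) * (width - len(t))  # treat "11.1" as "11.1.0"
    return pad(a) >= pad(b)

# Constructed sample .vmx fragment: serial0 is an active virtual printer,
# serial1 is a disabled one, serial2 is an ordinary file-backed serial port.
SAMPLE_VMX = '''\
displayName = "build-guest"
serial0.present = "TRUE"
serial0.fileType = "thinprint"
serial1.present = "FALSE"
serial1.fileType = "thinprint"
serial2.present = "TRUE"
serial2.fileType = "file"
'''

if __name__ == "__main__":
    print("virtual printer ports:", virtual_printer_ports(SAMPLE_VMX))
    print("11.1.0 patched:", is_patched("11.1.0"))
```

On a Windows host, whether vprintproxy.exe is still running in the background can be confirmed separately in the process list.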