New VMSA-2016-0019 – VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability

Posted by VMware Security Response Center on Nov 13

————————————————————————

VMware Security Advisory

Advisory ID: VMSA-2016-0019
Severity: Critical
Synopsis: VMware Workstation and Fusion updates address critical
out-of-bounds memory access vulnerability
Issue date: 2016-11-13
Updated on: 2016-11-13 (Initial Advisory)
CVE number: CVE-2016-7461

1. Summary

VMware Workstation and Fusion…

Unexpected behavior of cmd.exe while processing .bat files leads to potential command injection vulnerabilities

Posted by Julian Horoszkiewicz on Nov 13

Unexpected behavior of cmd.exe while processing .bat files leads to
potential command injection vulnerabilities
Tested on: Windows 7, Windows 10
Author: Julian Horoszkiewicz

It was discovered that cmd.exe, when processing .bat files, treats the
ASCII substitute character (code 26) as a command separator (like & or |).
This opens the way for unexpected command injection vulnerabilities in
applications which generate .bat files based on user…
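The injection pattern the post describes, as an added example that is not part of the original post: an application writes a user-supplied value into a generated .bat file after stripping the separators it knows about (&, |, redirections, line breaks), which leaves the SUB character (code 26) untouched. The blocklist and allowlist sanitizers, the .bat template, the `whoami` stand-in command and the simplified separator model are all assumptions made for this example, not code from the original author; the separator model only splits on &, | and SUB and ignores quoting, && and ||, which is enough to show where the injected command lands.

```python
import string

# Constructed example data (not from the original post): a user-controlled
# name that an application writes into a generated .bat file.
SUB = '\x1a'                          # ASCII substitute character (Ctrl-Z), code 26
PAYLOAD = 'Alice' + SUB + 'whoami'    # 'whoami' stands in for any injected command

# A blocklist of the separators and redirections a developer is likely to
# think of. This is the kind of filter the post shows to be insufficient.
CMD_METACHARS = set('&|<>^\r\n')


def blocklist_sanitize(value):
    """Remove known cmd.exe metacharacters; everything else passes through,
    including control characters such as SUB."""
    return ''.join(ch for ch in value if ch not in CMD_METACHARS)


def allowlist_sanitize(value):
    """Accept only an explicit set of printable characters and reject the
    rest. The allowed set is an assumption chosen for this example."""
    allowed = set(string.ascii_letters + string.digits + ' ._-')
    if not value or any(ch not in allowed for ch in value):
        raise ValueError('unsafe character in user-supplied value')
    return value


def rejects(sanitizer, value):
    """True if the sanitizer refuses the value instead of returning it."""
    try:
        sanitizer(value)
    except ValueError:
        return True
    return False


def build_bat(sanitizer, user_name):
    """Render the .bat content an application might generate around the
    user-supplied value (hypothetical template)."""
    return '@echo off\r\necho Hello %s\r\n' % sanitizer(user_name)


def find_sub_bytes(bat_text):
    """Return (line_number, column) of every SUB character in a .bat file,
    useful when reviewing generated scripts. Lines are counted from 1."""
    hits = []
    for line_no, line in enumerate(bat_text.splitlines(), start=1):
        for col, ch in enumerate(line):
            if ch == SUB:
                hits.append((line_no, col))
    return hits


def split_like_cmd(line):
    """Simplified model of the behaviour described in the post: a line is
    split into separate commands at '&', '|' and SUB. Real cmd.exe parsing
    (quoting, '&&', '||', '^' escapes) is richer; this only shows where the
    injected command ends up."""
    parts, cur = [], ''
    for ch in line:
        if ch in '&|' + SUB:
            parts.append(cur.strip())
            cur = ''
        else:
            cur += ch
    parts.append(cur.strip())
    return [p for p in parts if p]


if __name__ == '__main__':
    vulnerable = build_bat(blocklist_sanitize, PAYLOAD)
    print(repr(vulnerable))                          # SUB survives the filter
    print(find_sub_bytes(vulnerable))                # where it sits in the file
    print(split_like_cmd(vulnerable.splitlines()[1]))  # second command appears
    print('allowlist rejects payload:', rejects(allowlist_sanitize, PAYLOAD))
```

The blocklist version emits a second line that, per the post, cmd.exe executes as `echo Hello Alice` followed by `whoami`; the allowlist version refuses the value outright. A review of any code path that writes user data into a .bat file should treat every byte outside a narrow printable set as hostile rather than enumerating separators, and `find_sub_bytes` is the quick check to run over scripts an application has already generated.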