### [CVE-2019-5518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5518)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi%2C%20Workstation%2C%20Fusion&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20read%2Fwrite%20vulnerability&color=brighgreen)

### Description

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

### POC

#### Reference
- http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html

#### Github
No PoCs found on GitHub currently.