Heap Buffer-Overflow Vulnerability in VMware Workstation and Horizon View Client
CVE-2017-4908

7.8HIGH

Key Information:

Vendor: Vmware
Status: Workstation; Horizon View Client For Windows
Vendor: CVE Published:; 8 June 2017

What is CVE-2017-4908?

VMware Workstation (12.x versions before 12.5.3) and Horizon View Client (4.x versions before 4.4.0) are susceptible to multiple heap buffer-overflow vulnerabilities in the JPEG2000 parser within TPView.dll. Exploitation of these vulnerabilities could allow a malicious guest virtual machine to execute arbitrary code or trigger a Denial of Service on the host Windows operating system. While virtual printing, which is a feature that can increase risk, is not enabled by default on Workstation, it is activated by default in Horizon View Client environments.

Affected Version(s)

Horizon View Client for Windows 4.x prior to 4.4.0

Workstation 12.x prior to 12.5.3

References

http://www.securitytracker.com/id/1038281

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/97912

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1038280

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2017
Vulnerability Reserved
Dec 26, 2016

Vmware

What is CVE-2017-4908?

Affected Version(s)

References

CVSS V3.1

Timeline