Heap Buffer-Overflow Vulnerability in VMware Workstation and Horizon View Client
CVE-2017-4908
7.8HIGH
Key Information:
- Vendor
Vmware
- Vendor
- CVE Published:
- 8 June 2017
What is CVE-2017-4908?
VMware Workstation (12.x versions before 12.5.3) and Horizon View Client (4.x versions before 4.4.0) are susceptible to multiple heap buffer-overflow vulnerabilities in the JPEG2000 parser within TPView.dll. Exploitation of these vulnerabilities could allow a malicious guest virtual machine to execute arbitrary code or trigger a Denial of Service on the host Windows operating system. While virtual printing, which is a feature that can increase risk, is not enabled by default on Workstation, it is activated by default in Horizon View Client environments.
Affected Version(s)
Horizon View Client for Windows 4.x prior to 4.4.0
Workstation 12.x prior to 12.5.3