Heap Buffer Overflow Vulnerability in VMware Workstation and Horizon View Client
CVE-2017-4909

7.8HIGH

Key Information:

Vendor
Vmware
Status
Workstation
Horizon View Client For Windows
Vendor
CVE Published:
8 June 2017

Summary

VMware Workstation versions prior to 12.5.3 and Horizon View Client versions prior to 4.4.0 are susceptible to a heap buffer overflow vulnerability. This issue is triggered within the TrueType Font (TTF) parser of the TPView.dll. When virtual printing is enabled—which is not the default for Workstation but is for Horizon View—attackers exploiting this vulnerability could execute arbitrary code or cause a Denial of Service on the host Windows operating system. Mitigating this risk requires an understanding of the virtual printing feature and applying the appropriate security updates.

Affected Version(s)

Horizon View Client for Windows 4.x prior to 4.4.0

Workstation 12.x prior to 12.5.3

References

http://www.securitytracker.com/id/1038281
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97911
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038280
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.