Heap Buffer Overflow Vulnerability in VMware Workstation and Horizon View Client
CVE-2017-4909
7.8HIGH
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 8 June 2017
Summary
VMware Workstation versions prior to 12.5.3 and Horizon View Client versions prior to 4.4.0 are susceptible to a heap buffer overflow vulnerability. This issue is triggered within the TrueType Font (TTF) parser of the TPView.dll. When virtual printing is enabled—which is not the default for Workstation but is for Horizon View—attackers exploiting this vulnerability could execute arbitrary code or cause a Denial of Service on the host Windows operating system. Mitigating this risk requires an understanding of the virtual printing feature and applying the appropriate security updates.
Affected Version(s)
Horizon View Client for Windows 4.x prior to 4.4.0
Workstation 12.x prior to 12.5.3
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved