Out-of-Bounds Read Vulnerabilities in VMware Workstation and Horizon View Client
CVE-2017-4910
7.8HIGH
Key Information:
- Vendor
- Vmware
- Vendor
- CVE Published:
- 8 June 2017
Summary
VMware Workstation and Horizon View Client are susceptible to multiple out-of-bounds read vulnerabilities due to flaws in the JPEG2000 parser found in TPView.dll. If exploited, these vulnerabilities could enable a guest OS to execute arbitrary code or cause a Denial of Service on the Windows host OS running VMware Workstation or Horizon View Client. This exploitation requires that the virtual printing feature be activated, which is enabled by default in Horizon View but not in Workstation.
Affected Version(s)
Horizon View Client for Windows 4.x prior to 4.4.0
Workstation 12.x prior to 12.5.3
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved