Out-of-Bounds Write Vulnerabilities in VMware Workstation and Horizon View Client
CVE-2017-4911

7.8HIGH

Key Information:

Vendor
Vmware
Status
Workstation
Horizon View Client For Windows
Vendor
CVE Published:
8 June 2017

Summary

VMware Workstation and Horizon View Client possess multiple out-of-bounds write vulnerabilities within their JPEG2000 parser, specifically located in the TPView.dll. On VMware Workstation, an attacker may exploit this vulnerability to execute arbitrary code or instigate a Denial of Service on the underlying Windows operating system, provided that virtual printing is enabled. Similarly, for the Horizon View Client, the risk of code execution or Denial of Service exists, dependent on the status of virtual printing, which is enabled by default within this product. It's crucial for users to be aware of the implications of these vulnerabilities and ensure proper configuration and updates.

Affected Version(s)

Horizon View Client for Windows 4.x prior to 4.4.0

Workstation 12.x prior to 12.5.3

References

http://www.securitytracker.com/id/1038281
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1038280
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97916
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.