Out-of-Bounds Read Vulnerabilities in VMware Workstation and Horizon View Client
CVE-2017-4912

7.8HIGH

Key Information:

Vendor
Vmware
Vendor
CVE Published:
8 June 2017

Summary

VMware Workstation and Horizon View Client are affected by multiple out-of-bounds read vulnerabilities in the TrueType Font parser within the TPView.dll component. These vulnerabilities may allow an attacker to execute arbitrary code or cause a Denial of Service on the host operating system running the affected VMware products. Exploitation of these vulnerabilities is possible only when the virtual printing feature is enabled, which is on by default in Horizon View Client but not in Workstation. Ensuring your systems are updated to the latest versions is crucial to mitigate these risks.

Affected Version(s)

Horizon View Client for Windows 4.x prior to 4.4.0

Workstation 12.x prior to 12.5.3

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.