Out-of-Bounds Write Vulnerability in VMware Workstation and Horizon View Client
CVE-2017-4935
7.8 HIGH
Key Information:
- Vendor: VMware
- CVE Published: 17 November 2017
Summary
VMware Workstation (12.x versions prior to 12.5.8) and the Horizon View Client for Windows (4.x versions prior to 4.6.1) are susceptible to an out-of-bounds write vulnerability originating from the JPEG2000 parser in TPView.dll. Exploiting this vulnerability may allow an attacker, provided that virtual printing is enabled, to execute arbitrary code or trigger a Denial of Service on the host operating system running these products. Notably, while virtual printing is off by default in VMware Workstation, it is turned on by default in the Horizon View Client.
Affected Version(s)
Horizon View Client for Windows 4.x before 4.6.1
Workstation 12.x before 12.5.8
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved