CVE-2017-4936

7.8HIGH

Key Information:

Vendor
Vmware
Status
Workstation
Horizon View Client For Windows
Vendor
CVE Published:
16 November 2017

Summary

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.

Affected Version(s)

Horizon View Client for Windows 4.x before 4.6.1

Workstation 12.x before 12.5.8

References

https://www.vmware.com/security/advisories/VMSA-2017-0018...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039836
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101892
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.