Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon View Client
CVE-2017-4936

7.8HIGH

Key Information:

Vendor
Vmware
Status
Workstation
Horizon View Client For Windows
Vendor
CVE Published:
16 November 2017

Summary

VMware Workstation and Horizon View Client for Windows are affected by an out-of-bounds read vulnerability in the JPEG2000 parser within TPView.dll. Exploitation of this issue may allow an attacker to execute arbitrary code or initiate a Denial of Service on the underlying Windows operating system running the affected software. For VMware Workstation, a compromised guest can leverage this vulnerability, while for Horizon View Client, a View desktop may facilitate the attack. It's critical for users to apply updates and mitigate the risks associated with this security flaw.

Affected Version(s)

Horizon View Client for Windows 4.x before 4.6.1

Workstation 12.x before 12.5.8

References

https://www.vmware.com/security/advisories/VMSA-2017-0018...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039836
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101892
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.