Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon View Client
CVE-2017-4936

7.8HIGH

Key Information:

Vendor

Vmware
Status
Workstation
Horizon View Client For Windows
Vendor
CVE Published:
16 November 2017

What is CVE-2017-4936?

VMware Workstation and Horizon View Client for Windows are affected by an out-of-bounds read vulnerability in the JPEG2000 parser within TPView.dll. Exploitation of this issue may allow an attacker to execute arbitrary code or initiate a Denial of Service on the underlying Windows operating system running the affected software. For VMware Workstation, a compromised guest can leverage this vulnerability, while for Horizon View Client, a View desktop may facilitate the attack. It's critical for users to apply updates and mitigate the risks associated with this security flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Horizon View Client for Windows 4.x before 4.6.1

Workstation 12.x before 12.5.8

References

https://www.vmware.com/security/advisories/VMSA-2017-0018...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039836
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101892
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.