Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon View Client
CVE-2017-4937

7.8 HIGH

Key Information:

Vendor: VMware
CVE Published: 17 November 2017

Summary

VMware Workstation prior to version 12.5.8 and Horizon View Client for Windows prior to version 4.6.1 are susceptible to an out-of-bounds read vulnerability in the JPEG2000 parser within the TPView.dll library. Successful exploitation may allow an attacker to execute arbitrary code or initiate a Denial of Service (DoS) condition on the underlying Windows operating system. The potential for exploitation exists when the virtual printing feature is active, which is not enabled by default in Workstation but is enabled by default in Horizon View Client.

Affected Version(s)

Horizon View Client for Windows 4.x before 4.6.1

Workstation 12.x before 12.5.8

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
