Information Disclosure Vulnerability in VMware Workstation and Horizon Client
CVE-2020-3990
6.5MEDIUM
Key Information:
- Vendor
Vmware
- Vendor
- CVE Published:
- 16 September 2020
What is CVE-2020-3990?
VMware Workstation (15.x) and Horizon Client for Windows (5.x prior to 5.4.4) contain a vulnerability stemming from an integer overflow issue in the Cortado ThinPrint component. A malicious actor with access to a virtual machine can exploit this vulnerability to disclose sensitive memory information from the TPView process running on the host system. Notably, exploitation is only possible if the virtual printing feature is enabled; while this is not enabled by default on Workstation, it is enabled by default on Horizon Client.
Affected Version(s)
VMware Workstation and Horizon Client for Windows VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)