Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client
CVE-2021-21989

6.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Workstation Pro / Player (workstation), Vmware Horizon Client For Windows
Vendor: CVE Published:; 24 May 2021

Summary

VMware Workstation and Horizon Client for Windows have a security flaw due to an out-of-bounds read in the Cortado ThinPrint component. An attacker with access to a virtual machine or remote desktop could exploit this vulnerability, potentially leading to the disclosure of sensitive information from the TPView process on the affected system. Users of these products are advised to update to the latest versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

VMware Workstation Pro / Player (Workstation), VMware Horizon Client for Windows VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2)

References

https://www.vmware.com/security/advisories/VMSA-2021-0009...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-610/

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 24, 2021
Vulnerability Reserved
Jan 4, 2021