CVE-2017-4910

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 12.x prior to 12.5.3 Horizon View Client versions 4.x prior to 4.4.0

Description The issue concerns out-of-bounds read vulnerabilities in the JPEG2000 parser within the TPView.dll. This could potentially allow a guest to execute code or cause a Denial of Service on the Windows OS running the affected software. The vulnerability can be exploited only if virtual printing has been enabled. By default, virtual printing is disabled in Workstation but enabled in Horizon View Client.

Recommendations For VMware Workstation versions 12.x prior to 12.5.3, update to version 12.5.3 or later. For Horizon View Client versions 4.x prior to 4.4.0, update to version 4.4.0 or later. As a temporary workaround, consider disabling virtual printing to minimize the risk of exploitation.