PT-2017-16217 · Vmware · Horizon Client For Windows+1

Publicado

2017-11-17

·

Atualizado

2017-12-03

·

CVE-2017-4935

CVSS v3.1

7.8

Alta

VetorAV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions VMware Workstation versions 12.x through 12.5.7 Horizon View Client for Windows versions 4.x through 4.6.0
Description The issue is related to an out-of-bounds write vulnerability in the JPEG2000 parser in the TPView.dll. This may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs the affected software. Exploitation is only possible if virtual printing has been enabled.
Recommendations For VMware Workstation versions 12.x through 12.5.7, update to version 12.5.8 or later. For Horizon View Client for Windows versions 4.x through 4.6.0, update to version 4.6.1 or later. As a temporary workaround, consider disabling virtual printing until a patch is available.

Correção

DoS

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2017-4935
ZDI-17-922

Produtos afetados

Horizon Client For Windows
Vmware Workstation