PT-2018-17850 · VMware · Horizon Agent +4

Published: 2018-08-10 · Updated: 2018-10-15 · CVE-2018-6970

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VMware Horizon 6 versions 6.x.x before 6.2.7
VMware Horizon 7 versions 7.x.x before 7.5.1
VMware Horizon Client versions 4.x.x and prior before 4.8.1

Description

The issue is an out-of-bounds read vulnerability in the Message Framework library. This may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent, or Horizon Client are installed. Note that this issue does not apply to Horizon 6 and 7 Agents installed on Linux systems or to Horizon Clients installed on non-Windows systems.

Recommendations

For VMware Horizon 6 versions 6.x.x before 6.2.7, update to version 6.2.7 or later.
For VMware Horizon 7 versions 7.x.x before 7.5.1, update to version 7.5.1 or later.
For VMware Horizon Client versions 4.x.x and prior before 4.8.1, update to version 4.8.1 or later.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2018-6970
ZDI-18-881

Affected Products

Horizon Agent
Horizon Connection Server
VMware Horizon 6
VMware Horizon 7
VMware Horizon Client