CVE-2017-4897

Name of the Vulnerable Software and Affected Versions VMware Horizon DaaS versions prior to 7.0.0

Description The issue is caused by insufficient validation of data, allowing an attacker to exploit it by tricking users into connecting to a malicious server. This can be achieved by sharing a specially crafted RDP file through the DaaS client, which the victim downloads by clicking on a malicious link. Successful exploitation requires user interaction.

Recommendations For versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted RDP files and avoiding clicking on malicious links to minimize the risk of exploitation.