CVE-2017-4908

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 12.x prior to 12.5.3 Horizon View Client versions 4.x prior to 4.4.0

Description The issue is related to multiple heap buffer-overflow vulnerabilities in the JPEG2000 parser in the TPView.dll. This may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs the affected software. Exploitation is only possible if virtual printing has been enabled, a feature that is not enabled by default on Workstation but is enabled by default on Horizon View Client.

Recommendations For VMware Workstation versions 12.x prior to 12.5.3, update to version 12.5.3 or later. For Horizon View Client versions 4.x prior to 4.4.0, update to version 4.4.0 or later. As a temporary workaround, consider disabling virtual printing until a patch is available.