PT-2017-16217 · Vmware · Horizon Client For Windows+1

Published

2017-11-17

Updated

2017-12-03

CVE-2017-4935

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 12.x through 12.5.7 Horizon View Client for Windows versions 4.x through 4.6.0

Description The issue is related to an out-of-bounds write vulnerability in the JPEG2000 parser in the TPView.dll. This may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs the affected software. Exploitation is only possible if virtual printing has been enabled.

Recommendations For VMware Workstation versions 12.x through 12.5.7, update to version 12.5.8 or later. For Horizon View Client for Windows versions 4.x through 4.6.0, update to version 4.6.1 or later. As a temporary workaround, consider disabling virtual printing until a patch is available.

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2017-4935

ZDI-17-922

Affected Products

Horizon Client For Windows

Vmware Workstation

PT-2017-16217 · Vmware · Horizon Client For Windows+1

CVE-2017-4935

Weakness Enumeration

Related Identifiers

Affected Products

References · 7