PT-2017-16219 · Microsoft+1 · Windows+2
Published
2017-11-17
·
Updated
2017-12-04
·
CVE-2017-4937
CVSS v3.1
7.8
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VMware Workstation versions 12.x through 12.5.7
Horizon View Client for Windows versions 4.x through 4.6.0
Description
The issue is related to an out-of-bounds read in the JPEG2000 parser within the TPView.dll. This could potentially allow a guest to execute code or cause a Denial of Service on the Windows OS running the affected software. The exploitation is contingent upon the virtual printing feature being enabled, which is not enabled by default in Workstation but is enabled by default in Horizon View Client.
Recommendations
For VMware Workstation versions 12.x through 12.5.7, update to version 12.5.8 or later.
For Horizon View Client for Windows versions 4.x through 4.6.0, update to version 4.6.1 or later.
As a temporary workaround, consider disabling the virtual printing feature to minimize the risk of exploitation.
Fix
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Horizon Client For Windows
Vmware Workstation
Windows