CVE-2017-4948

Name of the Vulnerable Software and Affected Versions: VMware Workstation versions 14.x before 14.1.0 VMware Workstation version 12.x Horizon View Client versions 4.x before 4.7.0

Description: The issue is an out-of-bounds read vulnerability in TPView.dll. This vulnerability may allow a guest to leak information from the host or cause a Denial of Service on the Windows OS running the affected software. The vulnerability can be exploited when virtual printing is enabled, which is not the default setting on Workstation but is enabled by default on Horizon View Client.

Recommendations: For VMware Workstation versions 14.x before 14.1.0, update to version 14.1.0 or later. For VMware Workstation version 12.x, update to a version that includes the fix for this issue. For Horizon View Client versions 4.x before 4.7.0, update to version 4.7.0 or later. As a temporary workaround, consider disabling virtual printing until a patch is available.