CVE-2020-3989

Name of the Vulnerable Software and Affected Versions: VMware Workstation versions 15.x Horizon Client for Windows versions 5.x before 5.4.4

Description: The issue is related to an out-of-bounds write in the Cortado ThinPrint component, which can lead to a denial of service condition. A malicious actor with normal access to a virtual machine may exploit this to create a partial denial-of-service condition on the system where the software is installed. Exploitation is only possible if virtual printing has been enabled, a feature that is not enabled by default on Workstation but is enabled by default on Horizon Client for Windows.

Recommendations: For VMware Workstation version 15.x, update to a version where this issue is fixed. For Horizon Client for Windows versions 5.x before 5.4.4, update to version 5.4.4 or later. As a temporary workaround, consider disabling virtual printing until a patch is available.