CVE-2020-3987

Name of the Vulnerable Software and Affected Versions: VMware Workstation versions 15.x Horizon Client for Windows versions 5.x before 5.4.4

Description: The issue is related to an out-of-bounds read in the Cortado ThinPrint component's EMR STRETCHDIBITS parser, which can be exploited by a remote attacker to gain unauthorized access to protected information and cause a denial-of-service. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition or to leak memory from the TPView process.

Recommendations: For VMware Workstation version 15.x, update to a version that includes the fix for this issue. For Horizon Client for Windows versions 5.x before 5.4.4, update to version 5.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cortado ThinPrint component until a patch is available.