PT-2020-3953 · Cortado+1 · Cortado ThinPrint+2

Kpc +1 · Published 2020-09-14 · Updated 2020-11-17 · CVE-2020-3986

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions: VMware Workstation versions 15.x; Horizon Client for Windows versions 5.x before 5.4.4
Description: The issue is related to an out-of-bounds read in the Cortado ThinPrint component's EMF Parser. A malicious actor with normal access to a virtual machine may exploit this to create a partial denial-of-service condition or leak memory from the TPView process. This could allow an attacker to gain unauthorized access to protected information and cause a denial of service.
Recommendations: For VMware Workstation version 15.x, update to a version that includes the fix for the Cortado ThinPrint component's EMF Parser issue. For Horizon Client for Windows versions 5.x before 5.4.4, update to version 5.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Cortado ThinPrint component to minimize the risk of exploitation.

Fix

DoS

Out of bounds Read

Related Identifiers

BDU:2020-04346
CVE-2020-3986
ZDI-20-1179

Affected Products

Cortado ThinPrint
Horizon Client for Windows
VMware Workstation