Multiple vulnerabilities in VMWare Unified Access Gateway, Horizon View and Workstation
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-4907 CVE-2017-4908 CVE-2017-4909 CVE-2017-4910 CVE-2017-4911 CVE-2017-4912 CVE-2017-4913 |
| CWE-ID | CWE-122 CWE-119 CWE-190 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
VMware Horizon Server applications / Virtualization software VMWare Unified Access Gateway Server applications / Remote access servers, VPN VMware Workstation Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU6304
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4907
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in VMware Unified Access Gateway and Horizon View. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on security gateway.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationThe vulnerability is fixed in Unified Access Gateway (formerly Access Point) 2.8.1, Horizon View 7.1.0 and 6.2.4.
Vulnerable software versionsVMware Horizon: 6.2 - 7.0.3
VMWare Unified Access Gateway: 2.8.0
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0008.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU6305
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4908
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing JPEG2000 images in VMware Workstation and Horizon View Client. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on security gateway.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationThe vulnerability is fixed in VMware Workstation 12.5.3, Horizon View 7.1.0 and 6.2.4.
Vulnerable software versionsVMware Horizon: 6.2 - 7.0.3
VMware Workstation: 12.5 - 12.5.2
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0008.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU6306
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4909
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing TrueType Font (TTF) in TPView.dll in VMware Workstation and Horizon View Client. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on security gateway.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationThe vulnerability is fixed in WMWare Workstation 12.5.3, Horizon View 7.1.0 and 6.2.4.
Vulnerable software versionsVMware Horizon: 6.2 - 7.0.3
VMware Workstation: 12.5 - 12.5.2
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0008.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU6307
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4910
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing JPEG2000 images in VMware Workstation and Horizon View Client. A remote attacker can trigger out-of-bounds read/write and execute arbitrary code on security gateway.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationThe vulnerability is fixed in VMware Workstation 12.5.3, Horizon View 7.1.0 and 6.2.4.
Vulnerable software versionsVMware Horizon: 6.2 - 7.0.3
VMware Workstation: 12.5 - 12.5.2
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0008.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU6308
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4911
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing JPEG2000 images in VMware Workstation and Horizon View Client. A remote attacker can trigger out-of-bounds read/write and execute arbitrary code on security gateway.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationThe vulnerability is fixed in VMware Workstation 12.5.3, Horizon View 7.1.0 and 6.2.4.
Vulnerable software versionsVMware Horizon: 6.2 - 7.0.3
VMware Workstation: 12.5 - 12.5.2
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0008.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU6309
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4912
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing TrueType Font (TTF) fonts in TPView.dll in VMware Workstation and Horizon View Client. A remote attacker can trigger out-of-bounds read/write and execute arbitrary code on security gateway.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationThe vulnerability is fixed in VMware Workstation 12.5.3, Horizon View 7.1.0 and 6.2.4.
Vulnerable software versionsVMware Horizon: 6.2 - 7.0.3
VMware Workstation: 12.5 - 12.5.2
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0008.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU6310
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4913
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing TrueType Font (TTF) fonts in TPView.dll in VMware Workstation and Horizon View Client. A remote attacker can trigger integer overflow and execute arbitrary code on security gateway.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationThe vulnerability is fixed in VMware Workstation 12.5.3, Horizon View 7.1.0 and 6.2.4.
Vulnerable software versionsVMware Horizon: 6.2 - 7.0.3
VMware Workstation: 12.5 - 12.5.2
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0008.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
