Multiple vulnerabilities in VmWare products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-4934 CVE-2017-4935 CVE-2017-4936 CVE-2017-4937 CVE-2017-4938 CVE-2017-4939 |
| CWE-ID | CWE-122 CWE-787 CWE-125 CWE-476 CWE-427 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
VMware Workstation Client/Desktop applications / Virtualization software VMware Fusion Client/Desktop applications / Virtualization software VMware Horizon Server applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU9355
Risk: Low
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4934
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The weakness exists due to a heap-based buffer overflow in the VMNAT device. An adjacent attacker can trigger memory corruption and execute arbitrary code with elevated privileges.
Update Workstation to version 12.5.8.
Update Fusion to 8.5.9.
VMware Workstation: 12.0.0 - 12.5.7
VMware Fusion: 8.0 - 8.5.8
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0018.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU9356
Risk: Low
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4935
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds memory write error in JPEG2000 parser in the TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Update Workstation to version 12.5.8.
Update Horizon View Client for Windows to version 4.6.1.
VMware Workstation: 12.0.0 - 12.5.7
VMware Horizon: 4.0 - 4.5.0
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0018.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU9357
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4936
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condtition on the target system.
The weakness exists due to out-of-bounds memory read error in JPEG2000 parser in the TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash.
Update Workstation to version 12.5.8.
Update Horizon View Client for Windows to version 4.6.1.
VMware Workstation: 12.0.0 - 12.5.7
VMware Horizon: 4.0 - 4.5.0
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0018.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU9358
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4937
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condtition on the target system.
The weakness exists due to out-of-bounds memory read error in JPEG2000 parser in the TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash.
Update Workstation to version 12.5.8.
Update Horizon View Client for Windows to version 4.6.1.
VMware Workstation: 12.0.0 - 12.5.7
VMware Horizon: 4.0 - 4.5.0
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0018.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Null pointer dereference
EUVDB-ID: #VU9359
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists due to a guest RPC NULL pointer dereference. An adjacent attacker can cause the application to crash.
Update Workstation to version 12.5.8.
Update Fusion to 8.5.9.
VMware Workstation: 12.0.0 - 12.5.7
VMware Fusion: 8.0 - 8.5.8
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0018.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Insecure DLL loading
EUVDB-ID: #VU9360
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-4939
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to insecure .dll loading mechanism when opening files. A local attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate Workstation to version 12.5.8.
VMware Workstation: 12.0.0 - 12.5.7
External linkshttp://www.vmware.com/security/advisories/VMSA-2017-0018.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
