Multiple vulnerabilities in VMware products



Published: 2018-01-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2017-4948, CVE-2017-4945, CVE-2017-4946
CWE-ID: CWE-125, CWE-264
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
VMware Horizon
Server applications / Virtualization software

VMware Workstation
Client/Desktop applications / Virtualization software

VMware Fusion
Client/Desktop applications / Virtualization software

VMware vRealize Operations for Published Applications
Server applications / Remote management servers, RDP, SSH

Vendor: VMware, Inc

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU9928

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-4948

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information or cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds memory read error in Cortado ThinPrint ('TPView.dll'). An adjacent attacker can read arbitrary data on the host system or cause the View desktop system to crash.

Mitigation

Update VMware Horizon View to version 4.7.0.
Update VMware Workstation to version 14.1.

Vulnerable software versions

VMware Horizon: 4.0 - 4.6.1

VMware Workstation: 12.0.0 - 12.5.8

External links

http://www.vmware.com/security/advisories/VMSA-2018-0003.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU9929

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-4945

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to gain unauthorized access to the target system.

The weakness exists due to insufficient security restrictions. An adjacent attacker can bypass certain security restrictions and gain access to a guest system, which may result in further attacks.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

VMware Fusion: 8.0 - 10.0

VMware Workstation: 12.0.0 - 14.0

External links

http://www.vmware.com/security/advisories/VMSA-2018-0003.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Privilege escalation

EUVDB-ID: #VU9930

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-4946

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an unspecified condition in the vRealize Operations for Horizon and the vRealize Operations for Published Applications desktop agents. A local attacker can gain system privileges and perform further attacks.

Mitigation

Update to version 4.5.1.

Vulnerable software versions

VMware vRealize Operations for Published Applications: 6.0.0 - 6.5.0

: 6.0.0 - 6.5.0

External links

http://www.vmware.com/security/advisories/VMSA-2018-0003.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


