Out-of-bounds write in VMware Workstation and VMware Horizon - CVE-2017-4935
Published: November 20, 2017
Vulnerability identifier: #VU9356
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4935
CWE-ID: CWE-787
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Workstation
VMware Horizon
VMware Workstation
VMware Horizon
Detailed vulnerability description
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The weakness exists due to out-of-bounds memory write error in JPEG2000 parser in the TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
The weakness exists due to out-of-bounds memory write error in JPEG2000 parser in the TPView.dll. An adjacent attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
How to mitigate CVE-2017-4935
Update Workstation to version 12.5.8.
Update Horizon View Client for Windows to version 4.6.1.
Update Horizon View Client for Windows to version 4.6.1.