#VU9928 Out-of-bounds read in VMware Horizon and VMware Workstation - CVE-2017-4948
Published: January 10, 2018
Vulnerability identifier: #VU9928
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4948
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
VMware Horizon
VMware Workstation
VMware Horizon
VMware Workstation
Software vendor:
VMware, Inc
VMware, Inc
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information or cause DoS condition on the target system.
The weakness exists due to an out-of-bounds memory read error in Cortado ThinPrint ('TPView.dll'). An adjacent attacker can read arbitrary data on the host system or cause the View desktop system to crash.
The weakness exists due to an out-of-bounds memory read error in Cortado ThinPrint ('TPView.dll'). An adjacent attacker can read arbitrary data on the host system or cause the View desktop system to crash.
Remediation
Update VMware Horizon View to version 4.7.0.
Update VMware Workstation to version 14.1.
Update VMware Workstation to version 14.1.