Out-of-bounds read in VMware Horizon and VMware Workstation - CVE-2017-4948
Published: January 10, 2018
Vulnerability identifier: #VU9928
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-4948
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Horizon
VMware Workstation
VMware Horizon
VMware Workstation
Detailed vulnerability description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information or cause DoS condition on the target system.
The weakness exists due to an out-of-bounds memory read error in Cortado ThinPrint ('TPView.dll'). An adjacent attacker can read arbitrary data on the host system or cause the View desktop system to crash.
The weakness exists due to an out-of-bounds memory read error in Cortado ThinPrint ('TPView.dll'). An adjacent attacker can read arbitrary data on the host system or cause the View desktop system to crash.
How to mitigate CVE-2017-4948
Update VMware Horizon View to version 4.7.0.
Update VMware Workstation to version 14.1.
Update VMware Workstation to version 14.1.