CVE-2017-4948

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
Link Resource
http://www.securityfocus.com/bid/102441 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040108 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040109 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040136 Third Party Advisory VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:vmware:horizon_view:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-01-05 14:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-4948

Mitre link : CVE-2017-4948

CVE.ORG link : CVE-2017-4948


JSON object : View

Products Affected

vmware

  • horizon_view
  • workstation
CWE
CWE-125

Out-of-bounds Read

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor