Lucene search

VmwareCVE-2017-4908

HistoryJun 08, 2017 - 1:29 p.m.

CVE-2017-4908

2017-06-0813:29:00

CWE-119

vmware

web.nvd.nist.gov

vmware

workstation

horizon view

jpeg2000

buffer-overflow

vulnerability

nvd

cve-2017-4908

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

44.4%

JSON

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Affected configurations

Nvd

Node

vmwarehorizon_viewMatch4.0

vmwarehorizon_viewMatch4.1

vmwarehorizon_viewMatch4.2

vmwarehorizon_viewMatch4.3

vmwareworkstationMatch12.0

vmwareworkstationMatch12.0.1

vmwareworkstationMatch12.1

vmwareworkstationMatch12.1.1

vmwareworkstationMatch12.5

vmwareworkstationMatch12.5.1

vmwareworkstationMatch12.5.2

VendorProductVersionCPE
vmwarehorizon_view4.0cpe:2.3:a:vmware:horizon_view:4.0:*:*:*:*:*:*:*
vmwarehorizon_view4.1cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:*:*:*
vmwarehorizon_view4.2cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:*:*:*
vmwarehorizon_view4.3cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:*:*:*
vmwareworkstation12.0cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*
vmwareworkstation12.0.1cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*
vmwareworkstation12.1cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*
vmwareworkstation12.1.1cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*
vmwareworkstation12.5cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*
vmwareworkstation12.5.1cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	horizon_view	4.0	cpe:2.3:a:vmware:horizon_view:4.0:::::::*
vmware	horizon_view	4.1	cpe:2.3:a:vmware:horizon_view:4.1:::::::*
vmware	horizon_view	4.2	cpe:2.3:a:vmware:horizon_view:4.2:::::::*
vmware	horizon_view	4.3	cpe:2.3:a:vmware:horizon_view:4.3:::::::*
vmware	workstation	12.0	cpe:2.3:a:vmware:workstation:12.0:::::::*
vmware	workstation	12.0.1	cpe:2.3:a:vmware:workstation:12.0.1:::::::*
vmware	workstation	12.1	cpe:2.3:a:vmware:workstation:12.1:::::::*
vmware	workstation	12.1.1	cpe:2.3:a:vmware:workstation:12.1.1:::::::*
vmware	workstation	12.5	cpe:2.3:a:vmware:workstation:12.5:::::::*
vmware	workstation	12.5.1	cpe:2.3:a:vmware:workstation:12.5.1:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "Workstation",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "12.x prior to 12.5.3"
      }
    ]
  },
  {
    "product": "Horizon View Client for Windows",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "4.x prior to 4.4.0"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97912

www.securitytracker.com/id/1038280

www.securitytracker.com/id/1038281

www.vmware.com/security/advisories/VMSA-2017-0008.html

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

44.4%

JSON

Related for CVE-2017-4908