CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
93.3%
Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to execute arbitrary code and cause a denial of service.
Below is a complete list of vulnerabilities:
Technical details
Vulnerability (1) exists in VMware Unified Access Gateway and VMware Horizon View.
Vulnerabilities (2),(3) are related to JPEG2000 and TTF (TrueType Font) parsers.
Exploitation of vulnerabilities (2),(3) is possibly only in case of virtual printing being enabled. Note that this product feature is enabled by default on VMware Horizon View and not enabled on VM Workstation products.
Vulnerabilities (2)-(4) exist in VMware Horizon View Client for Windows and VMware Workstation products.
Vulnerability (4) is related to TTF (TrueType Font) parser.
NB: At this moment VMware has just reserved CVE numbers for this vulnerabilities. Information can be changed soon.
CVE-2017-4913 high
CVE-2017-4912 high
CVE-2017-4911 high
CVE-2017-4910 high
CVE-2017-4909 high
CVE-2017-4908 high
CVE-2017-4907 critical
Update to the latest versionsDownload VMware Workstation Player
Download VMware Workstation Pro
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
93.3%