Lucene search

[email protected]NVD:CVE-2017-4909

HistoryJun 08, 2017 - 1:29 p.m.

CVE-2017-4909

2017-06-0813:29:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Affected configurations

Nvd

Node

vmwarehorizon_viewMatch4.0

vmwarehorizon_viewMatch4.1

vmwarehorizon_viewMatch4.2

vmwarehorizon_viewMatch4.3

vmwareworkstationMatch12.0

vmwareworkstationMatch12.0.1

vmwareworkstationMatch12.1

vmwareworkstationMatch12.1.1

vmwareworkstationMatch12.5

vmwareworkstationMatch12.5.1

vmwareworkstationMatch12.5.2

VendorProductVersionCPE
vmwarehorizon_view4.0cpe:2.3:a:vmware:horizon_view:4.0:*:*:*:*:*:*:*
vmwarehorizon_view4.1cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:*:*:*
vmwarehorizon_view4.2cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:*:*:*
vmwarehorizon_view4.3cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:*:*:*
vmwareworkstation12.0cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*
vmwareworkstation12.0.1cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*
vmwareworkstation12.1cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*
vmwareworkstation12.1.1cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*
vmwareworkstation12.5cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*
vmwareworkstation12.5.1cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	horizon_view	4.0	cpe:2.3:a:vmware:horizon_view:4.0:::::::*
vmware	horizon_view	4.1	cpe:2.3:a:vmware:horizon_view:4.1:::::::*
vmware	horizon_view	4.2	cpe:2.3:a:vmware:horizon_view:4.2:::::::*
vmware	horizon_view	4.3	cpe:2.3:a:vmware:horizon_view:4.3:::::::*
vmware	workstation	12.0	cpe:2.3:a:vmware:workstation:12.0:::::::*
vmware	workstation	12.0.1	cpe:2.3:a:vmware:workstation:12.0.1:::::::*
vmware	workstation	12.1	cpe:2.3:a:vmware:workstation:12.1:::::::*
vmware	workstation	12.1.1	cpe:2.3:a:vmware:workstation:12.1.1:::::::*
vmware	workstation	12.5	cpe:2.3:a:vmware:workstation:12.5:::::::*
vmware	workstation	12.5.1	cpe:2.3:a:vmware:workstation:12.5.1:::::::*

Rows per page:

1-10 of 111

References

www.securityfocus.com/bid/97911

www.securitytracker.com/id/1038280

www.securitytracker.com/id/1038281

www.vmware.com/security/advisories/VMSA-2017-0008.html

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Related for NVD:CVE-2017-4909

cve1 cvelist1 prion1 nessus2 kaspersky1 vmware2 openvas2