All the vulnerabilities related to vmware - horizon_view
Vulnerability from fkie_nvd (CVE-2017-4910)
Published
2017-06-08 13:29
Modified
2024-11-21 03:26
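Severity
HIGH 7.8 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H); CVSS v2 MEDIUM 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C); scored by nvd@nist.gov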
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
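References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/97913 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1038280 | ||
security@vmware.com | http://www.securitytracker.com/id/1038281 | ||
security@vmware.com | http://www.vmware.com/security/advisories/VMSA-2017-0008.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97913 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038280 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038281 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2017-0008.html | Vendor Advisory |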
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 4.0 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | workstation | 12.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF333D9B-18E5-4753-B6FA-5AE9001F6C30", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC91776C-7B4E-4242-B8F8-EAC4D18C2748", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "003D6C48-2873-4070-A433-109AD21036E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2E2C09-1BFD-46D5-A56A-987D6739BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1659EFD4-97A7-4DBC-91DA-0B9EE18874F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. 
On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." }, { "lang": "es", "value": "Workstation (versiones 12.x anteriores a 12.5.3) y Horizon View Client (versiones 4.x anteriores a 4.4.0) de VMware, contienen varias vulnerabilidades de lectura fuera de l\u00edmites en el analizador JPEG2000 en la biblioteca TPView.dll. En Workstation, esto puede permitir a un invitado ejecutar c\u00f3digo o realizar una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir que un escritorio de View ejecute c\u00f3digo o realice una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Horizon View Client. La explotaci\u00f3n solo es posible si la impresi\u00f3n virtual ha sido habilitada. Esta funcionalidad no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon View." 
} ], "id": "CVE-2017-4910", "lastModified": "2024-11-21T03:26:38.987", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T13:29:00.313", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97913" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id/1038281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-4918)
Published
2017-06-08 19:29
Modified
2024-11-21 03:26
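Severity
CRITICAL 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS v2 HIGH 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C); scored by nvd@nist.gov
Note: the vector is scored as network-reachable with no privileges required, while the summary describes privilege escalation by unprivileged users on the system where the client is installed; check the vendor advisory (VMSA-2017-0011) when prioritising.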
Summary
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.
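References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/98984 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1038642 | ||
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0011.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98984 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038642 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0011.html | Vendor Advisory |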
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 2.0 | |
vmware | horizon_view | 2.1 | |
vmware | horizon_view | 2.2 | |
vmware | horizon_view | 2.3 | |
vmware | horizon_view | 3.0 | |
vmware | horizon_view | 3.1 | |
vmware | horizon_view | 3.2 | |
vmware | horizon_view | 3.3 | |
vmware | horizon_view | 4.0.0 | |
vmware | horizon_view | 4.0.1 | |
vmware | horizon_view | 4.1.0 | |
vmware | horizon_view | 4.2.0 | |
vmware | horizon_view | 4.3.0 | |
vmware | horizon_view | 4.4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D0C7B1C-8A3F-41B2-B1CC-933C4DC52DAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "05A63377-0F12-46FC-86BC-C3BEE9826B1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "49C87D08-7E5A-482D-82D8-0317442D4B02", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F47773EA-EB88-4A2A-B477-A8E10FB4E276", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "31E011A0-8338-4010-B7C1-3224CE5D0904", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FB0B791-BBEB-42ED-A6AF-52FDBE742159", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6365FCB-FE92-44B0-9A1D-908DCEFEC746", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D2E9162-F007-4A4D-B441-565CF3EBB32D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EA43741-D14F-40F9-9A2A-A31D15636E0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF6DFB43-D139-4AAF-926D-C6C135EEB906", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7E8703D-B33B-484B-BF7F-4057842E4D88", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "75B15310-DF93-4757-A41C-6E29BDEF61D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "99D7F936-7C2B-4A1D-8AAC-F1FE3ACC70C4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:horizon_view:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "16FE9659-0F4C-417A-BCDA-023E43F6F78E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed." }, { "lang": "es", "value": "VMware Horizon View Client (versiones 2.x, 3.x y versiones 4.x anteriores a 4.5.0), contiene una vulnerabilidad de inyecci\u00f3n de comandos en el script de inicio del servicio. La explotaci\u00f3n con \u00e9xito de este problema puede permitir a los usuarios sin privilegios escalar sus privilegios a root en el sistema Mac OSX donde est\u00e1 instalado el cliente." } ], "id": "CVE-2017-4918", "lastModified": "2024-11-21T03:26:39.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, 
"impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T19:29:00.400", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98984" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038642" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0011.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-7087)
Published
2016-12-29 09:59
Modified
2024-11-21 02:57
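Severity
MEDIUM 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N); CVSS v2 MEDIUM 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N); scored by nvd@nist.gov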
Summary
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/93455 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1036972 | ||
cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2016-0015.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93455 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036972 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2016-0015.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 5.0 | |
vmware | horizon_view | 5.0.1 | |
vmware | horizon_view | 5.1 | |
vmware | horizon_view | 5.1.3 | |
vmware | horizon_view | 5.2.0 | |
vmware | horizon_view | 5.3 | |
vmware | horizon_view | 6.0 | |
vmware | horizon_view | 6.0.2 | |
vmware | horizon_view | 6.1 | |
vmware | horizon_view | 6.1.1 | |
vmware | horizon_view | 6.2 | |
vmware | horizon_view | 7.0 | |
microsoft | windows | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "12D55241-0653-4BC0-9D67-69ABC47EBCFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4C10410-728B-44CE-AA13-5DE365EA3867", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5574F263-A23A-43B4-9083-B2B6DD4D20C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C3B66F7C-09CD-43E4-B85D-418CF8241E88", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "032E4EBE-5FFB-4EE7-BD79-E4EFC1631446", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A410FB1-41B2-40DE-A7F0-167F096D8FEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "370FCB86-72ED-47AB-A414-A12E6C970BE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "67EA006A-76A5-489E-BD3E-FAFC00AB63C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "75798329-EAC2-4B6F-A943-9EB6F01B5145", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0DEE3EA-30C8-4653-96B3-17D9F66AFDA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A4C7C278-5A1D-41A3-AEFB-10AA859DEF15", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA685CC7-AD8E-4EB6-A6B7-46F126BDE92E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", 
"vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en el Connection Server en VMware Horizon View 5.x en versiones anteriores a 5.3.7, 6.x en versiones anteriores a 6.2.3 y 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2016-7087", "lastModified": "2024-11-21T02:57:26.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-29T09:59:00.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/bid/93455" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036972" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0015.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-4937)
Published
2017-11-17 14:29
Modified
2024-11-21 03:26
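Severity
HIGH 7.8 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H); CVSS v2 MEDIUM 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C); scored by nvd@nist.gov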
Summary
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/101892 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1039835 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1039836 | Third Party Advisory, VDB Entry | |
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0018.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101892 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039835 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039836 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0018.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | workstation | 12.0.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 | |
vmware | workstation | 12.5.3 | |
vmware | workstation | 12.5.4 | |
vmware | workstation | 12.5.5 | |
vmware | workstation | 12.5.6 | |
vmware | workstation | 12.5.7 | |
vmware | horizon_view | 4.0.0 | |
vmware | horizon_view | 4.0.1 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | horizon_view | 4.4 | |
vmware | horizon_view | 4.5 | |
vmware | horizon_view | 4.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C4C2CB0-9A2B-46B2-9E75-2BADAE722BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "838C7C08-15ED-4379-8A5B-9419D13AE7FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C064187-0870-4672-9D64-92D643FA9C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "60F08698-0194-4892-9A46-93C53C0C660B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "287275D4-E311-4A1B-BC5C-2FB3A64691E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED552760-4DB1-4E56-B6C1-23E053858055", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": 
"FACC8634-05E5-44D6-8020-5148E66C2434", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:windows:*:*", "matchCriteriaId": "D67A6B2F-D6BD-41C9-81DF-B28AEACB4435", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:windows:*:*", "matchCriteriaId": "291360AF-C8C5-4E99-9FAE-E3BFFD50C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:windows:*:*", "matchCriteriaId": "A6FB33DA-7A42-4383-9061-228C24AACF31", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:windows:*:*", "matchCriteriaId": "524D0D00-7E4D-4400-870C-033180282C80", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.4:*:*:*:*:windows:*:*", "matchCriteriaId": "075928E9-A640-4612-800E-2D24ADA1F541", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.5:*:*:*:*:windows:*:*", "matchCriteriaId": "6EF0E241-64D2-439C-8B34-42A8FC1A218E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.6:*:*:*:*:windows:*:*", "matchCriteriaId": "C06AE4BF-C2A0-477B-A88D-5E9EA482F775", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client." 
}, { "lang": "es", "value": "VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Horizon View Client para Windows (en versiones 4.x anteriores a la 4.6.1) contienen una vulnerabilidad de lectura fuera de l\u00edmites en el analizador JPEG2000 en TPView.dll. En Workstation, esto puede permitir que un invitado ejecute c\u00f3digo o provoque una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir que una opci\u00f3n \"Ver escritorio\" ejecute c\u00f3digo o provoque una denegaci\u00f3n de servicio en el sistema operativo que ejecuta Horizon View Client. Solo es posible que se explote esta vulnerabilidad si se ha habilitado la impresi\u00f3n virtual. Esta caracter\u00edstica no est\u00e1 habilitada por defecto en Workstation, pero s\u00ed lo est\u00e1 en Horizon View Client." } ], "id": "CVE-2017-4937", "lastModified": "2024-11-21T03:26:42.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2017-11-17T14:29:00.653", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101892" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039835" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039836" }, { "source": "security@vmware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-4908)
Published
2017-06-08 13:29
Modified
2024-11-21 03:26
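Severity
HIGH 7.8 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H); CVSS v2 MEDIUM 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C); scored by nvd@nist.gov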
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 4.0 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | workstation | 12.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF333D9B-18E5-4753-B6FA-5AE9001F6C30", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC91776C-7B4E-4242-B8F8-EAC4D18C2748", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "003D6C48-2873-4070-A433-109AD21036E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2E2C09-1BFD-46D5-A56A-987D6739BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1659EFD4-97A7-4DBC-91DA-0B9EE18874F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. 
On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." }, { "lang": "es", "value": "Workstation (versiones 12.x anteriores a 12.5.3) y Horizon View Client (versiones 4.x anteriores a 4.4.0) de VMware, contienen varias vulnerabilidades de desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en el analizador JPEG2000 en la biblioteca TPView.dll. En Workstation, esto puede permitir a un invitado ejecutar c\u00f3digo o realizar una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir a un escritorio de View ejecutar c\u00f3digo o realizar una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Horizon View Client. La explotaci\u00f3n solo es posible si la impresi\u00f3n virtual ha sido habilitada. Esta funcionalidad no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon View." 
} ], "id": "CVE-2017-4908", "lastModified": "2024-11-21T03:26:38.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T13:29:00.250", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97912" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97912" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id/1038281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 13:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 4.0 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | workstation | 12.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF333D9B-18E5-4753-B6FA-5AE9001F6C30", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC91776C-7B4E-4242-B8F8-EAC4D18C2748", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "003D6C48-2873-4070-A433-109AD21036E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2E2C09-1BFD-46D5-A56A-987D6739BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1659EFD4-97A7-4DBC-91DA-0B9EE18874F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. 
On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." }, { "lang": "es", "value": "Workstation (versiones 12.x anteriores a 12.5.3) y Horizon View Client (versiones 4.x anteriores a 4.4.0) de VMware, contienen varias vulnerabilidades de escritura fuera de l\u00edmites en el analizador JPEG2000 en la biblioteca TPView.dll. En Workstation, esto puede permitir a un invitado ejecutar c\u00f3digo o realizar una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir que un escritorio de View ejecute c\u00f3digo o realice una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Horizon View Client. La explotaci\u00f3n solo es posible si la impresi\u00f3n virtual ha sido habilitada. Esta funcionalidad no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon View." 
} ], "id": "CVE-2017-4911", "lastModified": "2024-11-21T03:26:39.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T13:29:00.343", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97916" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97916" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id/1038281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-11-17 14:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
References
▼ | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/101902 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1039835 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1039836 | Third Party Advisory, VDB Entry | |
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0018.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101902 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039835 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039836 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0018.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | workstation | 12.0.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 | |
vmware | workstation | 12.5.3 | |
vmware | workstation | 12.5.4 | |
vmware | workstation | 12.5.5 | |
vmware | workstation | 12.5.6 | |
vmware | workstation | 12.5.7 | |
vmware | horizon_view | 4.0.0 | |
vmware | horizon_view | 4.0.1 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | horizon_view | 4.4 | |
vmware | horizon_view | 4.5 | |
vmware | horizon_view | 4.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C4C2CB0-9A2B-46B2-9E75-2BADAE722BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "838C7C08-15ED-4379-8A5B-9419D13AE7FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C064187-0870-4672-9D64-92D643FA9C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "60F08698-0194-4892-9A46-93C53C0C660B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "287275D4-E311-4A1B-BC5C-2FB3A64691E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED552760-4DB1-4E56-B6C1-23E053858055", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": 
"FACC8634-05E5-44D6-8020-5148E66C2434", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:windows:*:*", "matchCriteriaId": "D67A6B2F-D6BD-41C9-81DF-B28AEACB4435", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:windows:*:*", "matchCriteriaId": "291360AF-C8C5-4E99-9FAE-E3BFFD50C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:windows:*:*", "matchCriteriaId": "A6FB33DA-7A42-4383-9061-228C24AACF31", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:windows:*:*", "matchCriteriaId": "524D0D00-7E4D-4400-870C-033180282C80", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.4:*:*:*:*:windows:*:*", "matchCriteriaId": "075928E9-A640-4612-800E-2D24ADA1F541", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.5:*:*:*:*:windows:*:*", "matchCriteriaId": "6EF0E241-64D2-439C-8B34-42A8FC1A218E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.6:*:*:*:*:windows:*:*", "matchCriteriaId": "C06AE4BF-C2A0-477B-A88D-5E9EA482F775", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client." 
}, { "lang": "es", "value": "VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Horizon View Client para Windows (en versiones 4.x anteriores a la 4.6.1) contienen una vulnerabilidad de escritura fuera de l\u00edmites en el analizador JPEG2000 en TPView.dll. En Workstation, esto puede permitir que un invitado ejecute c\u00f3digo o provoque una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir que un escritorio de View ejecute c\u00f3digo o provoque una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Horizon View Client. Solo es posible que se explote esta vulnerabilidad si se ha habilitado la impresi\u00f3n virtual. Esta caracter\u00edstica no est\u00e1 habilitada por defecto en Workstation, pero s\u00ed lo est\u00e1 en Horizon View Client." } ], "id": "CVE-2017-4935", "lastModified": "2024-11-21T03:26:42.147", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2017-11-17T14:29:00.577", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101902" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039835" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039836" }, { "source": "security@vmware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 13:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 4.0 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | workstation | 12.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF333D9B-18E5-4753-B6FA-5AE9001F6C30", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC91776C-7B4E-4242-B8F8-EAC4D18C2748", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "003D6C48-2873-4070-A433-109AD21036E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2E2C09-1BFD-46D5-A56A-987D6739BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1659EFD4-97A7-4DBC-91DA-0B9EE18874F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. 
On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." }, { "lang": "es", "value": "Workstation (versiones 12.x anteriores a 12.5.3) y Horizon View Client (versiones 4.x anteriores a 4.4.0) de VMware, contienen varias vulnerabilidades de lectura fuera de l\u00edmites en el analizador TrueType Font (TTF) en la biblioteca TPView.dll. En Workstation, esto puede permitir a un invitado ejecutar c\u00f3digo o realizar una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir que un escritorio de View ejecute c\u00f3digo o realice una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Horizon View Client. La explotaci\u00f3n solo es posible si la impresi\u00f3n virtual ha sido habilitada. Esta funcionalidad no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon View." 
} ], "id": "CVE-2017-4912", "lastModified": "2024-11-21T03:26:39.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T13:29:00.377", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97921" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id/1038281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 13:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 4.0 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | workstation | 12.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF333D9B-18E5-4753-B6FA-5AE9001F6C30", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC91776C-7B4E-4242-B8F8-EAC4D18C2748", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "003D6C48-2873-4070-A433-109AD21036E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2E2C09-1BFD-46D5-A56A-987D6739BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1659EFD4-97A7-4DBC-91DA-0B9EE18874F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. 
On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." }, { "lang": "es", "value": "Workstation (versiones 12.x anteriores a 12.5.3) y Horizon View Client (versiones 4.x anteriores a 4.4.0) de VMware, contienen una vulnerabilidad de desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en el analizador TrueType Font (TTF) en la biblioteca TPView.dll. En Workstation, esto puede permitir a un invitado ejecutar c\u00f3digo o realizar una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir que un escritorio de View ejecute c\u00f3digo o realice una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Horizon View Client. La explotaci\u00f3n solo es posible si la impresi\u00f3n virtual ha sido habilitada. Esta funcionalidad no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon View." 
} ], "id": "CVE-2017-4909", "lastModified": "2024-11-21T03:26:38.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T13:29:00.280", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97911" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id/1038281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-05 14:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | workstation | 12.0.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.0 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 | |
vmware | workstation | 12.5.3 | |
vmware | workstation | 12.5.4 | |
vmware | workstation | 12.5.5 | |
vmware | workstation | 12.5.6 | |
vmware | workstation | 12.5.7 | |
vmware | workstation | 12.5.8 | |
vmware | workstation | 12.5.9 | |
vmware | workstation | 14.0 | |
vmware | horizon_view | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C4C2CB0-9A2B-46B2-9E75-2BADAE722BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "42EF613B-3436-4951-8F4D-9F22144E06CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "838C7C08-15ED-4379-8A5B-9419D13AE7FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C064187-0870-4672-9D64-92D643FA9C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "60F08698-0194-4892-9A46-93C53C0C660B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "287275D4-E311-4A1B-BC5C-2FB3A64691E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED552760-4DB1-4E56-B6C1-23E053858055", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:vmware:workstation:12.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "F6A4B5F2-7123-40C5-BBB7-D3EA3EA3B204", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7D95044-581B-4634-8A5A-D6167AE4E2A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "7BB96DAF-5A43-4437-81BF-B47067336505", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:*:*:*:*:*:*:*:*", "matchCriteriaId": "1750179A-D71E-408C-8B91-6E5E680E9AF8", "versionEndExcluding": "4.7", "versionStartIncluding": "4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." }, { "lang": "es", "value": "VMware Workstation (en versiones 14.x anteriores a la 14.1.0 y 12.x) y Horizon View Client (en versiones 4.x anteriores a la 4.7.0) contienen una vulnerabilidad de lectura fuera de l\u00edmites en TPView.dll. 
En Workstation, este problema junto con otros errores podr\u00eda permitir que un invitado filtre informaci\u00f3n del host o podr\u00eda permitir que se produzca una denegaci\u00f3n de servicio (DoS) en el sistema operativo de Windows que ejecuta Workstation. En el caso de Horizon View Client, esto junto con otros errores puede permitir que un escritorio de View revele informaci\u00f3n del host o podr\u00eda permitir que se produzca una denegaci\u00f3n de servicio (DoS) en el sistema operativo de Windows que ejecuta Horizon View Client. Solo es posible que se explote esta vulnerabilidad si se ha habilitado la impresi\u00f3n virtual. Esta caracter\u00edstica no est\u00e1 habilitada por defecto en Workstation, pero s\u00ed lo est\u00e1 en Horizon View." } ], "id": "CVE-2017-4948", "lastModified": "2024-11-21T03:26:44.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-05T14:29:10.547", "references": [ { "source": "security@vmware.com", 
"tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102441" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040108" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040109" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040136" }, { "source": "security@vmware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 13:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 4.0 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | workstation | 12.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF333D9B-18E5-4753-B6FA-5AE9001F6C30", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC91776C-7B4E-4242-B8F8-EAC4D18C2748", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "003D6C48-2873-4070-A433-109AD21036E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF2E2C09-1BFD-46D5-A56A-987D6739BCF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "1659EFD4-97A7-4DBC-91DA-0B9EE18874F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. 
On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." }, { "lang": "es", "value": "Workstation (versiones 12.x anteriores a 12.5.3) y Horizon View Client (versiones 4.x anteriores a 4.4.0) de VMware, contienen una vulnerabilidad de desbordamiento de enteros en el analizador True Type Font en la biblioteca TPView.dll. En Workstation, esto puede permitir a un invitado ejecutar c\u00f3digo o realizar una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir que un escritorio de View ejecute c\u00f3digo o realice una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Horizon View Client. La explotaci\u00f3n solo es posible si la impresi\u00f3n virtual ha sido habilitada. Esta funcionalidad no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon View." 
} ], "id": "CVE-2017-4913", "lastModified": "2024-11-21T03:26:39.357", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T13:29:00.390", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97920" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "sourceIdentifier": 
"security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-11-17 14:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/101892 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1039835 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1039836 | Third Party Advisory, VDB Entry | |
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2017-0018.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101892 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039835 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039836 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2017-0018.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | workstation | 12.0.0 | |
vmware | workstation | 12.0.1 | |
vmware | workstation | 12.1 | |
vmware | workstation | 12.1.1 | |
vmware | workstation | 12.5 | |
vmware | workstation | 12.5.1 | |
vmware | workstation | 12.5.2 | |
vmware | workstation | 12.5.3 | |
vmware | workstation | 12.5.4 | |
vmware | workstation | 12.5.5 | |
vmware | workstation | 12.5.6 | |
vmware | workstation | 12.5.7 | |
vmware | horizon_view | 4.0.0 | |
vmware | horizon_view | 4.0.1 | |
vmware | horizon_view | 4.1 | |
vmware | horizon_view | 4.2 | |
vmware | horizon_view | 4.3 | |
vmware | horizon_view | 4.4 | |
vmware | horizon_view | 4.5 | |
vmware | horizon_view | 4.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C4C2CB0-9A2B-46B2-9E75-2BADAE722BB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "838C7C08-15ED-4379-8A5B-9419D13AE7FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C064187-0870-4672-9D64-92D643FA9C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "60F08698-0194-4892-9A46-93C53C0C660B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "287275D4-E311-4A1B-BC5C-2FB3A64691E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "ED552760-4DB1-4E56-B6C1-23E053858055", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": 
"FACC8634-05E5-44D6-8020-5148E66C2434", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:windows:*:*", "matchCriteriaId": "D67A6B2F-D6BD-41C9-81DF-B28AEACB4435", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.1:*:*:*:*:windows:*:*", "matchCriteriaId": "291360AF-C8C5-4E99-9FAE-E3BFFD50C18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.2:*:*:*:*:windows:*:*", "matchCriteriaId": "A6FB33DA-7A42-4383-9061-228C24AACF31", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.3:*:*:*:*:windows:*:*", "matchCriteriaId": "524D0D00-7E4D-4400-870C-033180282C80", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.4:*:*:*:*:windows:*:*", "matchCriteriaId": "075928E9-A640-4612-800E-2D24ADA1F541", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.5:*:*:*:*:windows:*:*", "matchCriteriaId": "6EF0E241-64D2-439C-8B34-42A8FC1A218E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:4.6:*:*:*:*:windows:*:*", "matchCriteriaId": "C06AE4BF-C2A0-477B-A88D-5E9EA482F775", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client." }, { "lang": "es", "value": "VMware Workstation (en versiones 12.x anteriores a la 12.5.8) y Horizon View Client para Windows (en versiones 4.x anteriores a la 4.6.1) contienen una vulnerabilidad de lectura fuera de l\u00edmites en el analizador JPEG2000 en TPView.dll. 
En Workstation, esto puede permitir que un invitado ejecute c\u00f3digo o provoque una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Workstation. En el caso de Horizon View Client, esto puede permitir que un escritorio de View ejecute c\u00f3digo o provoque una denegaci\u00f3n de servicio en el sistema operativo Windows que ejecuta Horizon View Client." } ], "id": "CVE-2017-4936", "lastModified": "2024-11-21T03:26:42.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-11-17T14:29:00.623", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101892" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039835" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039836" }, { 
"source": "security@vmware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-13 21:48
Modified
2024-11-21 04:11
Severity ?
Summary
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
References
Source | URL | Tags | |
---|---|---|---|
security@vmware.com | http://www.securityfocus.com/bid/105031 | Third Party Advisory, VDB Entry | |
security@vmware.com | http://www.securitytracker.com/id/1041430 | Third Party Advisory, VDB Entry | |
security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2018-0019.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105031 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041430 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.vmware.com/security/advisories/VMSA-2018-0019.html | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_client | * | |
vmware | horizon_view | * | |
vmware | horizon_view | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "783537DD-0B23-41F3-AFAD-9D0291EC33DF", "versionEndExcluding": "4.8.1", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:*:*:*:*:*:*:*:*", "matchCriteriaId": "C67BA1CB-EAC5-47D4-AA0C-AC81B2E19021", "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:*:*:*:*:*:*:*:*", "matchCriteriaId": "80E8C9B5-6E87-4778-A9CE-768AD8BCB59B", "versionEndExcluding": "7.5.1", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn\u0027t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems." }, { "lang": "es", "value": "VMware Horizon 6 (6.x.x en versiones anteriores a la 6.2.7), Horizon 7 (7.x.x en versiones anteriores a la 7.5.1) y Horizon Client (4.x.x en versiones anteriores a la 4.8.1) contiene una vulnerabilidad de lectura fuera de l\u00edmites en la librer\u00eda Message Framework. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que un usuario con menos privilegios filtre informaci\u00f3n desde un proceso privilegiado que se ejecuta en un sistema donde est\u00e9n instalados Horizon Connection Server, Horizon Agent o Horizon Client. 
Nota: este problema no aplica a los agentes de Horizon 6 y 7 instalados en los sistemas Linux o a los clientes de Horizon instalados en sistemas que no son Windows." } ], "id": "CVE-2018-6970", "lastModified": "2024-11-21T04:11:30.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-13T21:48:02.197", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105031" }, { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041430" }, { "source": "security@vmware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html" } ], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 13:29
Modified
2024-11-21 03:26
Severity ?
Summary
VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
vmware | horizon_view | 6.0 | |
vmware | horizon_view | 6.0.2 | |
vmware | horizon_view | 6.1 | |
vmware | horizon_view | 6.1.1 | |
vmware | horizon_view | 6.2 | |
vmware | horizon_view | 6.2.1 | |
vmware | horizon_view | 6.2.2 | |
vmware | horizon_view | 6.2.3 | |
vmware | horizon_view | 6.2.4 | |
vmware | horizon_view | 7.0 | |
vmware | unified_access_gateway | 2.5 | |
vmware | unified_access_gateway | 2.5.1 | |
vmware | unified_access_gateway | 2.7 | |
vmware | unified_access_gateway | 2.7.2 | |
vmware | unified_access_gateway | 2.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:horizon_view:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "370FCB86-72ED-47AB-A414-A12E6C970BE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "67EA006A-76A5-489E-BD3E-FAFC00AB63C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "75798329-EAC2-4B6F-A943-9EB6F01B5145", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0DEE3EA-30C8-4653-96B3-17D9F66AFDA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "A4C7C278-5A1D-41A3-AEFB-10AA859DEF15", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "155B09B1-D94A-42C6-89DE-76180968C5D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "32840997-8DA1-481A-BC2B-6A5D3335826D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "5252980E-77DE-41C9-B829-775BB929FB30", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9AB3A1FE-4DB8-4536-B94F-21C4560D7BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:horizon_view:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA685CC7-AD8E-4EB6-A6B7-46F126BDE92E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "14D2DF40-13F6-4A11-B96B-002039F16C0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE4B7AA9-E5F1-4388-A083-D1817EE8FA51", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "3EAAC0B8-C653-40F3-B2E9-7C5DED57E81D", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "B5AFC21D-88E4-4AF0-9DA2-17DCBEE12D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:vmware:unified_access_gateway:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "C68F416E-BD1C-4D9F-B3E9-BB05EB421216", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway." }, { "lang": "es", "value": "Unified Access Gateway (versiones 2.5.x, 2.7.x, 2.8.x anteriores a 2.8.1) y Horizon View (versiones 7.x anteriores a 7.1.0, versiones 6.x anteriores a 6.2.4) de VMware, contienen una vulnerabilidad de desbordamiento de b\u00fafer de la pila que puede permitir a un atacante remoto ejecutar c\u00f3digo en la puerta de enlace de seguridad." 
} ], "id": "CVE-2017-4907", "lastModified": "2024-11-21T03:26:38.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T13:29:00.220", "references": [ { "source": "security@vmware.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97914" }, { "source": "security@vmware.com", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "security@vmware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038281" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "sourceIdentifier": 
"security@vmware.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2017-4948
Vulnerability from cvelistv5
Published
2018-01-05 14:00
Modified
2024-09-16 23:31
Summary
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id/1040109 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id/1040108 | vdb-entry, x_refsource_SECTRACK | |
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102441 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1040136 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 14.x before 14.1.0, 12.x |
VMware | Horizon Client for Windows | 4.x before 4.7.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:43.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1040109", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040109" }, { "name": "1040108", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040108" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html" }, { "name": "102441", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102441" }, { "name": "1040136", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040136" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "14.x before 14.1.0" }, { "status": "affected", "version": "12.x" } ] }, { "product": "Horizon Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x before 4.7.0" } ] } ], "datePublic": "2018-01-04T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-13T10:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1040109", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040109" }, { "name": "1040108", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040108" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html" }, { "name": "102441", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102441" }, { "name": "1040136", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040136" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "DATE_PUBLIC": "2018-01-04T00:00:00", "ID": "CVE-2017-4948", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "14.x before 14.1.0" }, { "version_value": "12.x" } ] } }, { "product_name": "Horizon Client for Windows", "version": { "version_data": [ { "version_value": "4.x before 4.7.0" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. 
In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds read" } ] } ] }, "references": { "reference_data": [ { "name": "1040109", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040109" }, { "name": "1040108", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040108" }, { "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html" }, { "name": "102441", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102441" }, { "name": "1040136", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040136" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4948", "datePublished": "2018-01-05T14:00:00Z", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-09-16T23:31:06.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4937
Vulnerability from cvelistv5
Published
2017-11-17 14:00
Modified
2024-09-16 22:09
Summary
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
References
URL | Tags | |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2017-0018.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1039836 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/101892 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1039835 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x before 12.5.8 |
VMware | Horizon View Client for Windows | 4.x before 4.6.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:43.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039836" }, { "name": "101892", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101892" }, { "name": "1039835", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039835" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x before 12.5.8" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x before 4.6.1" } ] } ], "datePublic": "2017-11-16T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-21T10:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039836" }, { "name": "101892", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101892" }, { "name": "1039835", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039835" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "DATE_PUBLIC": "2017-11-16T00:00:00", "ID": "CVE-2017-4937", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x before 12.5.8" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x before 4.6.1" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds read vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039836" }, { "name": "101892", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101892" }, { "name": "1039835", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039835" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4937", "datePublished": "2017-11-17T14:00:00Z", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-09-16T22:09:02.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-6970
Vulnerability from cvelistv5
Published
2018-08-13 21:00
Modified
2024-09-17 02:00
Summary
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
References
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id/1041430 | vdb-entry, x_refsource_SECTRACK | |
https://www.vmware.com/security/advisories/VMSA-2018-0019.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/105031 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | VMware Horizon 6, Horizon 7, and Horizon Client | VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:17:17.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041430", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041430" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html" }, { "name": "105031", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105031" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VMware Horizon 6, Horizon 7, and Horizon Client", "vendor": "VMware", "versions": [ { "status": "affected", "version": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1)" } ] } ], "datePublic": "2018-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn\u0027t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-14T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1041430", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041430" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html" }, { "name": "105031", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105031" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "DATE_PUBLIC": "2018-08-07T00:00:00", "ID": "CVE-2018-6970", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VMware Horizon 6, Horizon 7, and Horizon Client", "version": { "version_data": [ { "version_value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1)" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn\u0027t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds read vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "1041430", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041430" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2018-0019.html" }, { "name": "105031", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105031" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2018-6970", "datePublished": "2018-08-13T21:00:00Z", "dateReserved": "2018-02-14T00:00:00", "dateUpdated": "2024-09-17T02:00:49.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4936
Vulnerability from cvelistv5
Published
2017-11-17 14:00
Modified
2024-09-17 00:26
Summary
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.
References
URL | Tags | |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2017-0018.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1039836 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/101892 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1039835 | vdb-entry, x_refsource_SECTRACK |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x before 12.5.8 |
VMware | Horizon View Client for Windows | 4.x before 4.6.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:43.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039836" }, { "name": "101892", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101892" }, { "name": "1039835", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039835" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x before 12.5.8" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x before 4.6.1" } ] } ], "datePublic": "2017-11-16T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-21T10:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039836" }, { "name": "101892", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101892" }, { "name": "1039835", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039835" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "DATE_PUBLIC": "2017-11-16T00:00:00", "ID": "CVE-2017-4936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x before 12.5.8" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x before 4.6.1" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds read vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039836" }, { "name": "101892", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101892" }, { "name": "1039835", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039835" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4936", "datePublished": "2017-11-17T14:00:00Z", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-09-17T00:26:28.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4907
Vulnerability from cvelistv5
Published
2017-06-08 13:00
Modified
2024-08-05 14:39
Summary
VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.
References
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id/1038281 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/97914 | vdb-entry, x_refsource_BID | |
http://www.vmware.com/security/advisories/VMSA-2017-0008.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Unified Access Gateway | 2.5.x, 2.7.x, 2.8.x prior to 2.8.1 |
VMware | Horizon View | 7.x prior to 7.1.0, 6.x prior to 6.2.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:39:41.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97914", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97914" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Unified Access Gateway", "vendor": "VMware", "versions": [ { "status": "affected", "version": "2.5.x" }, { "status": "affected", "version": "2.7.x" }, { "status": "affected", "version": "2.8.x prior to 2.8.1" } ] }, { "product": "Horizon View", "vendor": "VMware", "versions": [ { "status": "affected", "version": "7.x prior to 7.1.0" }, { "status": "affected", "version": "6.x prior to 6.2.4" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Heap buffer-overflow vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97914", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97914" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4907", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Unified Access Gateway", "version": { "version_data": [ { "version_value": "2.5.x" }, { "version_value": "2.7.x" }, { "version_value": "2.8.x prior to 2.8.1" } ] } }, { "product_name": "Horizon View", "version": { "version_data": [ { "version_value": "7.x prior to 7.1.0" }, { "version_value": "6.x prior to 6.2.4" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Heap buffer-overflow vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "1038281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97914", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97914" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4907", "datePublished": "2017-06-08T13:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:39:41.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4908
Vulnerability from cvelistv5
Published
2017-06-08 13:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038281 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/97912 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1038280 | vdb-entry, x_refsource_SECTRACK |
http://www.vmware.com/security/advisories/VMSA-2017-0008.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x prior to 12.5.3 |
VMware | Horizon View Client for Windows | 4.x prior to 4.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:39:41.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97912", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97912" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038280" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x prior to 12.5.3" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x prior to 4.4.0" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Heap-based buffer overflow issues via Cortado ThinPrint", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97912", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97912" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038280" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4908", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x prior to 12.5.3" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x prior to 4.4.0" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Heap-based buffer overflow issues via Cortado ThinPrint" } ] } ] }, "references": { "reference_data": [ { "name": "1038281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97912", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97912" }, { "name": "1038280", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038280" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4908", "datePublished": "2017-06-08T13:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:39:41.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4912
Vulnerability from cvelistv5
Published
2017-06-08 13:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038281 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/97921 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1038280 | vdb-entry, x_refsource_SECTRACK |
http://www.vmware.com/security/advisories/VMSA-2017-0008.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x prior to 12.5.3 |
VMware | Horizon View Client for Windows | 4.x prior to 4.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:42.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97921", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97921" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038280" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x prior to 12.5.3" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x prior to 4.4.0" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read issues via Cortado ThinPrint", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97921", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97921" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038280" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x prior to 12.5.3" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x prior to 4.4.0" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds read issues via Cortado ThinPrint" } ] } ] }, "references": { "reference_data": [ { "name": "1038281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97921", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97921" }, { "name": "1038280", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038280" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4912", "datePublished": "2017-06-08T13:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:47:42.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4911
Vulnerability from cvelistv5
Published
2017-06-08 13:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038281 | vdb-entry, x_refsource_SECTRACK |
http://www.securitytracker.com/id/1038280 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/97916 | vdb-entry, x_refsource_BID |
http://www.vmware.com/security/advisories/VMSA-2017-0008.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x prior to 12.5.3 |
VMware | Horizon View Client for Windows | 4.x prior to 4.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:39:41.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038280" }, { "name": "97916", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97916" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x prior to 12.5.3" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x prior to 4.4.0" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds write issues via Cortado ThinPrint", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038280" }, { "name": "97916", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97916" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4911", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x prior to 12.5.3" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x prior to 4.4.0" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds write issues via Cortado ThinPrint" } ] } ] }, "references": { "reference_data": [ { "name": "1038281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038281" }, { "name": "1038280", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038280" }, { "name": "97916", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97916" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4911", "datePublished": "2017-06-08T13:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:39:41.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4935
Vulnerability from cvelistv5
Published
2017-11-17 14:00
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
References
URL | Tags |
---|---|
https://www.vmware.com/security/advisories/VMSA-2017-0018.html | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1039836 | vdb-entry, x_refsource_SECTRACK |
http://www.securitytracker.com/id/1039835 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/101902 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x before 12.5.8 |
VMware | Horizon View Client for Windows | 4.x before 4.6.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:43.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039836" }, { "name": "1039835", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039835" }, { "name": "101902", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101902" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x before 12.5.8" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x before 4.6.1" } ] } ], "datePublic": "2017-11-16T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds write vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-21T10:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039836" }, { "name": "1039835", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039835" }, { "name": "101902", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101902" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "DATE_PUBLIC": "2017-11-16T00:00:00", "ID": "CVE-2017-4935", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x before 12.5.8" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x before 4.6.1" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds write vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" }, { "name": "1039836", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039836" }, { "name": "1039835", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039835" }, { "name": "101902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101902" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4935", "datePublished": "2017-11-17T14:00:00Z", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-09-16T17:18:03.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4910
Vulnerability from cvelistv5
Published
2017-06-08 13:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038281 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/97913 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1038280 | vdb-entry, x_refsource_SECTRACK |
http://www.vmware.com/security/advisories/VMSA-2017-0008.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x prior to 12.5.3 |
VMware | Horizon View Client for Windows | 4.x prior to 4.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:39:41.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97913", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97913" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038280" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x prior to 12.5.3" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x prior to 4.4.0" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read issues via Cortado ThinPrint", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97913", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97913" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038280" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x prior to 12.5.3" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x prior to 4.4.0" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Out-of-bounds read issues via Cortado ThinPrint" } ] } ] }, "references": { "reference_data": [ { "name": "1038281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97913", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97913" }, { "name": "1038280", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038280" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4910", "datePublished": "2017-06-08T13:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:39:41.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4909
Vulnerability from cvelistv5
Published
2017-06-08 13:00
Modified
2024-08-05 14:39
Severity ?
EPSS score ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038281 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/97911 | vdb-entry, x_refsource_BID |
http://www.securitytracker.com/id/1038280 | vdb-entry, x_refsource_SECTRACK |
http://www.vmware.com/security/advisories/VMSA-2017-0008.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x prior to 12.5.3 |
VMware | Horizon View Client for Windows | 4.x prior to 4.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:39:41.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97911", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97911" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038280" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x prior to 12.5.3" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x prior to 4.4.0" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Heap-based buffer overflow issue via Cortado ThinPrint", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97911", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97911" }, { "name": "1038280", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038280" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4909", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x prior to 12.5.3" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x prior to 4.4.0" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. 
This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Heap-based buffer overflow issue via Cortado ThinPrint" } ] } ] }, "references": { "reference_data": [ { "name": "1038281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97911", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97911" }, { "name": "1038280", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038280" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4909", "datePublished": "2017-06-08T13:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:39:41.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4918
Vulnerability from cvelistv5
Published
2017-06-08 19:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038642 | vdb-entry, x_refsource_SECTRACK |
https://www.vmware.com/security/advisories/VMSA-2017-0011.html | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/98984 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Horizon View Client for Mac | 2.x, 3.x, 4.x prior to 4.5.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:43.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038642", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038642" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0011.html" }, { "name": "98984", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98984" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Horizon View Client for Mac", "vendor": "VMware", "versions": [ { "status": "affected", "version": "2.x" }, { "status": "affected", "version": "3.x" }, { "status": "affected", "version": "4.x prior to 4.5.0" } ] } ], "datePublic": "2017-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Command injection vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-07T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1038642", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038642" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.vmware.com/security/advisories/VMSA-2017-0011.html" }, { "name": "98984", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98984" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4918", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Horizon View Client for Mac", "version": { "version_data": [ { "version_value": "2.x" }, { "version_value": "3.x" }, { "version_value": "4.x prior to 4.5.0" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Command injection vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "1038642", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038642" }, { "name": "https://www.vmware.com/security/advisories/VMSA-2017-0011.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2017-0011.html" }, { "name": "98984", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98984" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4918", "datePublished": "2017-06-08T19:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:47:43.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-4913
Vulnerability from cvelistv5
Published
2017-06-08 13:00
Modified
2024-08-05 14:47
Severity ?
EPSS score ?
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References
URL | Tags |
---|---|
http://www.securitytracker.com/id/1038281 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/97920 | vdb-entry, x_refsource_BID |
http://www.vmware.com/security/advisories/VMSA-2017-0008.html | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
VMware | Workstation | 12.x prior to 12.5.3 |
VMware | Horizon View Client for Windows | 4.x prior to 4.4.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:47:42.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97920", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97920" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Workstation", "vendor": "VMware", "versions": [ { "status": "affected", "version": "12.x prior to 12.5.3" } ] }, { "product": "Horizon View Client for Windows", "vendor": "VMware", "versions": [ { "status": "affected", "version": "4.x prior to 4.4.0" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Integer overflow vulnerability via Cortado ThinPrint", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "name": "1038281", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97920", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97920" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Workstation", "version": { "version_data": [ { "version_value": "12.x prior to 12.5.3" } ] } }, { "product_name": "Horizon View Client for Windows", "version": { "version_data": [ { "version_value": "4.x prior to 4.4.0" } ] } } ] }, "vendor_name": "VMware" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Integer overflow vulnerability via Cortado ThinPrint" } ] } ] }, "references": { "reference_data": [ { "name": "1038281", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038281" }, { "name": "97920", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97920" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4913", "datePublished": "2017-06-08T13:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-05T14:47:42.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7087
Vulnerability from cvelistv5
Published
2016-12-29 09:02
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/93455 | vdb-entry, x_refsource_BID |
http://www.vmware.com/security/advisories/VMSA-2016-0015.html | x_refsource_CONFIRM |
http://www.securitytracker.com/id/1036972 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93455", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93455" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0015.html" }, { "name": "1036972", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036972" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-29T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "93455", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93455" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2016-0015.html" }, { "name": "1036972", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036972" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7087", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93455", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93455" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2016-0015.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2016-0015.html" }, { "name": "1036972", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036972" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7087", "datePublished": "2016-12-29T09:02:00", "dateReserved": "2016-08-23T00:00:00", "dateUpdated": "2024-08-06T01:50:47.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }