cnvd - cnvd-2017-05884

CNVD-2017-05884

Vulnerability from cnvd - Published: 2017-06-05

Title

VMware Workstation和Horizon View Client存在多个读写漏洞

Description

VMware Workstation是一套收费且功能丰富的虚拟机软件。VMware Workstation Player是一套免费开源的且功能较简单的虚拟机软件。Horizon Client for Windows用于对桌面和应用程序进行虚拟化。 VMware Workstation和Horizon View Client在TPView.dll中的JPEG2000和TrueType Font（TTF）解析器存在多个读取/写入漏洞。允许攻击者在运行Workstation的Windows操作系统上执行代码或执行拒绝服务。

Severity

高

Patch Name

VMware Workstation和Horizon View Client存在多个读写漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www.vmware.com/security/advisories/VMSA-2017-0008.html

Reference

http://www.securityfocus.com/bid/97916

Impacted products

Name
['VMware Workstation 12.x', 'VMware Horizon View Client for Windows 7.x', 'VMware Horizon View Client for Windows 6.2.x']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97916"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-4911"
    }
  },
  "description": "VMware Workstation\u662f\u4e00\u5957\u6536\u8d39\u4e14\u529f\u80fd\u4e30\u5bcc\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002VMware Workstation Player\u662f\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u4e14\u529f\u80fd\u8f83\u7b80\u5355\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002Horizon Client for Windows\u7528\u4e8e\u5bf9\u684c\u9762\u548c\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u865a\u62df\u5316\u3002\r\n\r\nVMware Workstation\u548cHorizo\u200b\u200bn View Client\u5728TPView.dll\u4e2d\u7684JPEG2000\u548cTrueType Font\uff08TTF\uff09\u89e3\u6790\u5668\u5b58\u5728\u591a\u4e2a\u8bfb\u53d6/\u5199\u5165\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5728\u8fd0\u884cWorkstation\u7684Windows\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4ee3\u7801\u6216\u6267\u884c\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "\u817e\u8baf\u7384\u6b66\u5b9e\u9a8c\u5ba4",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttp://www.vmware.com/security/advisories/VMSA-2017-0008.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05884",
  "openTime": "2017-06-05",
  "patchDescription": "VMware Workstation\u662f\u4e00\u5957\u6536\u8d39\u4e14\u529f\u80fd\u4e30\u5bcc\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002VMware Workstation Player\u662f\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u4e14\u529f\u80fd\u8f83\u7b80\u5355\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002Horizon Client for Windows\u7528\u4e8e\u5bf9\u684c\u9762\u548c\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u865a\u62df\u5316\u3002\r\n\r\nVMware Workstation\u548cHorizo\u200b\u200bn View Client\u5728TPView.dll\u4e2d\u7684JPEG2000\u548cTrueType Font\uff08TTF\uff09\u89e3\u6790\u5668\u5b58\u5728\u591a\u4e2a\u8bfb\u53d6/\u5199\u5165\u6f0f\u6d1e\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5728\u8fd0\u884cWorkstation\u7684Windows\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4ee3\u7801\u6216\u6267\u884c\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware Workstation\u548cHorizon View Client\u5b58\u5728\u591a\u4e2a\u8bfb\u5199\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware Workstation 12.x",
      "VMware Horizon View Client for Windows 7.x",
      "VMware Horizon View Client for Windows 6.2.x"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97916",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-19",
  "title": "VMware Workstation\u548cHorizon View Client\u5b58\u5728\u591a\u4e2a\u8bfb\u5199\u6f0f\u6d1e"
}

CVE-2017-4911 (GCVE-0-2017-4911)

Vulnerability from cvelistv5 – Published: 2017-06-08 13:00 – Updated: 2024-08-05 14:39

Summary

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Severity ?

No CVSS data available.

CWE

Out-of-bounds write issues via Cortado ThinPrint

Assigner

vmware

References

URL

Tags

	http://www.securitytracker.com/id/1038281	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1038280	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/97916	vdb-entryx_refsource_BID
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

VMware

Workstation

Affected: 12.x prior to 12.5.3

VMware

Horizon View Client for Windows

Affected: 4.x prior to 4.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038281",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038281"
          },
          {
            "name": "1038280",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038280"
          },
          {
            "name": "97916",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Workstation",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "12.x prior to 12.5.3"
            }
          ]
        },
        {
          "product": "Horizon View Client for Windows",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "4.x prior to 4.4.0"
            }
          ]
        }
      ],
      "datePublic": "2017-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write issues via Cortado ThinPrint",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "name": "1038281",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038281"
        },
        {
          "name": "1038280",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038280"
        },
        {
          "name": "97916",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2017-4911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Workstation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.x prior to 12.5.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Horizon View Client for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.x prior to 4.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds write issues via Cortado ThinPrint"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038281",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038281"
            },
            {
              "name": "1038280",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038280"
            },
            {
              "name": "97916",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97916"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2017-0008.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2017-4911",
    "datePublished": "2017-06-08T13:00:00",
    "dateReserved": "2016-12-26T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-05884

CVE-2017-4911 (GCVE-0-2017-4911)

Tags

Sightings

Nomenclature