Vulnerabilities > CVE-2017-4911 - Out-of-bounds Write vulnerability in VMWare Horizon View and Workstation
Summary
VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id VMWARE_HORIZON_VIEW_CLIENT_VMSA_2017_0008.NASL description The version of VMware Horizon View Client installed on the remote host is 4.x prior to 4.4.0. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing JPEG2000 files. An attacker on the guest can exploit this to cause a denial of service condition or the execution or arbitrary code on the host system. (CVE-2017-4908) - A heap buffer overflow condition exists in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing TrueType Fonts. An attacker on the guest can exploit this to cause a denial of service condition or the execution or arbitrary code on the host system. (CVE-2017-4909) - Out-of-bounds read and write errors exist in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing JPEG2000 files. An attacker on the guest can exploit these to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code on the host system. (CVE-2017-4910, CVE-2017-4911) - Out-of-bounds read and write errors exist in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing TrueType Fonts. An attacker on the guest can exploit these to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code on the host system. (CVE-2017-4912) - An integer overflow condition exists in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing TrueType Fonts. An attacker on the guest can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code on the host system. (CVE-2017-4913) The above vulnerabilities can be exploited only if virtual printing has been enabled. This feature is enabled by default on VMware Horizon View. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 99709 published 2017-04-27 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99709 title VMware Horizon View Client 4.x < 4.4.0 Multiple Vulnerabilities (VMSA-2017-0008) NASL family Windows NASL id VMWARE_WORKSTATION_WIN_VMSA_2017_0008.NASL description The version of VMware Workstation installed on the remote Windows host is 12.x prior to 12.5.3. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing JPEG2000 files. An attacker on the guest can exploit this to cause a denial of service condition or the execution or arbitrary code on the host system. (CVE-2017-4908) - A heap buffer overflow condition exists in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing TrueType Fonts. An attacker on the guest can exploit this to cause a denial of service condition or the execution or arbitrary code on the host system. (CVE-2017-4909) - Out-of-bounds read and write errors exist in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing JPEG2000 files. An attacker on the guest can exploit these to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code on the host system. (CVE-2017-4910, CVE-2017-4911) - Out-of-bounds read and write errors exist in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing TrueType Fonts. An attacker on the guest can exploit these to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code on the host system. (CVE-2017-4912) - An integer overflow condition exists in the Cortado ThinPrint component, specifically within TPView.dll, due to improper validation of certain input when parsing TrueType Fonts. An attacker on the guest can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code on the host system. (CVE-2017-4913) The above vulnerabilities can be exploited only if virtual printing has been enabled. This feature is not enabled by default on VMware Workstation. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 99590 published 2017-04-21 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/99590 title VMware Workstation 12.x < 12.5.3 Multiple Vulnerabilities (VMSA-2017-0008)
References
- http://www.securityfocus.com/bid/97916
- http://www.securityfocus.com/bid/97916
- http://www.securitytracker.com/id/1038280
- http://www.securitytracker.com/id/1038280
- http://www.securitytracker.com/id/1038281
- http://www.securitytracker.com/id/1038281
- http://www.vmware.com/security/advisories/VMSA-2017-0008.html
- http://www.vmware.com/security/advisories/VMSA-2017-0008.html