Vulnerabilities > CVE-2020-3989 - Out-of-bounds Write vulnerability in VMWare Horizon Client, Workstation Player and Workstation PRO

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

vmware

CWE-787

NVD

Published: 2020-09-16

Updated: 2020-09-28

Summary

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Horizon Client * Vmware Workstation Player 15.0.2 Vmware Workstation PRO *	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.vmware.com/security/advisories/VMSA-2020-0020.html