Executive Summary
Summary | |
---|---|
Title | - VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities |
Informations | |||
---|---|---|---|
Name | VMSA-2017-0018 | First vendor Publication | 2017-11-16 |
Vendor | VMware | Last vendor Modification | 2017-11-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. Heap buffer-overflow vulnerability in VMNAT device VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. VMware would like to thank Jun Mao of Tencent PC Manager working with ZDI for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4934 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. b. Out-of-bounds write via Cortado ThinPrint VMware Workstation and Horizon View Client contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. VMware would like to thank Anonymous working with ZDI for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4935 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. c. Multiple out-of-bounds read issues via Cortado ThinPrint VMware Workstation and Horizon View Client contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. VMware would like to thank Ke Liu of Tencent's Xuanwu Lab for reporting these issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-4936 (JPEG2000 Issue-1) and CVE-2017-4937 (JPEG2000 Issue-2) to these issues. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. d. Guest RPC NULL pointer dereference vulnerability VMware Workstation and Fusion contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. VMware would like to thank Skyer for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4938 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2017-0018.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-125 | Out-of-bounds Read |
17 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
17 % | CWE-476 | NULL Pointer Dereference |
17 % | CWE-426 | Untrusted Search Path |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-11-29 | Name : A virtualization application installed on the remote macOS or Mac OS X host i... File : macosx_fusion_vmsa_2017_0018.nasl - Type : ACT_GATHER_INFO |
2017-11-29 | Name : A virtualization application installed on the remote host is affected by mult... File : vmware_horizon_view_client_vmsa_2017_0018.nasl - Type : ACT_GATHER_INFO |
2017-11-29 | Name : A virtualization application installed on the remote Windows host is affected... File : vmware_workstation_win_vmsa_2017_0018.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-12-03 21:23:54 |
|
2017-11-30 13:23:42 |
|
2017-11-17 17:23:28 |
|
2017-11-17 09:21:36 |
|