Lucene search

[email protected]CVE-2017-4948

HistoryJan 05, 2018 - 2:29 p.m.

CVE-2017-4948

2018-01-0514:29:10

CWE-125

CWE-200

[email protected]

web.nvd.nist.gov

cve-2017-4948

vmware

workstation

horizon view client

out-of-bounds read

vulnerability

denial of service

windows os

tpview.dll

exploitation

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:N/A:C

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Affected configurations

NVD

Node

vmwareworkstationMatch12.0.0

vmwareworkstationMatch12.0.1

vmwareworkstationMatch12.1

vmwareworkstationMatch12.1.1

vmwareworkstationMatch12.5

vmwareworkstationMatch12.5.0

vmwareworkstationMatch12.5.1

vmwareworkstationMatch12.5.2

vmwareworkstationMatch12.5.3

vmwareworkstationMatch12.5.4

vmwareworkstationMatch12.5.5

vmwareworkstationMatch12.5.6

vmwareworkstationMatch12.5.7

vmwareworkstationMatch12.5.8

vmwareworkstationMatch12.5.9

vmwareworkstationMatch14.0

Node

vmwarehorizon_viewRange4.0–4.7

CPENameOperatorVersion
vmware:workstationvmware workstationeq12.0.0
vmware:workstationvmware workstationeq12.0.1
vmware:workstationvmware workstationeq12.1
vmware:workstationvmware workstationeq12.1.1
vmware:workstationvmware workstationeq12.5
vmware:workstationvmware workstationeq12.5.0
vmware:workstationvmware workstationeq12.5.1
vmware:workstationvmware workstationeq12.5.2
vmware:workstationvmware workstationeq12.5.3
vmware:workstationvmware workstationeq12.5.4

CPE	Name	Operator	Version
vmware:workstation	vmware workstation	eq	12.0.0
vmware:workstation	vmware workstation	eq	12.0.1
vmware:workstation	vmware workstation	eq	12.1
vmware:workstation	vmware workstation	eq	12.1.1
vmware:workstation	vmware workstation	eq	12.5
vmware:workstation	vmware workstation	eq	12.5.0
vmware:workstation	vmware workstation	eq	12.5.1
vmware:workstation	vmware workstation	eq	12.5.2
vmware:workstation	vmware workstation	eq	12.5.3
vmware:workstation	vmware workstation	eq	12.5.4

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "Workstation",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "14.x before 14.1.0"
      },
      {
        "status": "affected",
        "version": "12.x"
      }
    ]
  },
  {
    "product": "Horizon Client for Windows",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "4.x before 4.7.0"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102441

www.securitytracker.com/id/1040108

www.securitytracker.com/id/1040109

www.securitytracker.com/id/1040136

www.vmware.com/us/security/advisories/VMSA-2018-0003.html

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:N/A:C

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CVE-2017-4948

prion1 nessus2 nvd1 cvelist1 kaspersky1 vmware1