Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_HORIZON_VIEW_CLIENT_VMSA_2015_0004.NASL
HistoryJun 12, 2015 - 12:00 a.m.

VMware Horizon View Client 3.2.x < 3.2.1 / 3.3.x < 3.4.0 / or 5.x < 5.4.2 Multiple Vulnerabilities (VMSA-2015-0004)

2015-06-1200:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

The version of VMware Horizon View Client installed on the remote host is 3.2.x prior to 3.2.1, 3.3.x prior to 3.4.0, or 5.x (with local mode) prior to 5.4.2. It is, therefore, affected by multiple vulnerabilities :

  • An arbitrary code execution vulnerability exists due to a stack-based buffer overflow condition in the JPEG2000 plugin that is triggered when parsing a Quantization Default (QCD) marker segment in a JPEG2000 (JP2) image file. A remote attacker can exploit this, using a specially crafted image, to execute arbitrary code or cause a denial of service condition. (CVE-2012-0897)

  • Multiple denial of service vulnerabilities exist due to improper memory allocation by the TPView.dll and TPInt.dll libraries. A remote attacker can exploit this to cause a denial of service condition. (CVE-2015-2338, CVE-2015-2339, CVE-2015-2340)

  • Multiple remote code execution vulnerabilities exist due to improper memory allocation by the TPView.dll and TPInt.dll libraries. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-2336, CVE-2015-2337)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84150);
  script_version("1.16");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id(
    "CVE-2012-0897",
    "CVE-2015-2336",
    "CVE-2015-2337",
    "CVE-2015-2338",
    "CVE-2015-2339",
    "CVE-2015-2340"
  );
  script_bugtraq_id(51426, 75092, 75095);
  script_xref(name:"VMSA", value:"2015-0004");

  script_name(english:"VMware Horizon View Client 3.2.x < 3.2.1 / 3.3.x < 3.4.0 / or 5.x < 5.4.2 Multiple Vulnerabilities (VMSA-2015-0004)");
  script_summary(english:"Checks the VMware Horizon View Client version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a virtual desktop solution installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of VMware Horizon View Client installed on the remote host
is 3.2.x prior to 3.2.1, 3.3.x prior to 3.4.0, or 5.x (with local
mode) prior to 5.4.2. It is, therefore, affected by multiple
vulnerabilities :

  - An arbitrary code execution vulnerability exists due to
    a stack-based buffer overflow condition in the JPEG2000
    plugin that is triggered when parsing a Quantization
    Default (QCD) marker segment in a JPEG2000 (JP2) image
    file. A remote attacker can exploit this, using a
    specially crafted image, to execute arbitrary code or
    cause a denial of service condition. (CVE-2012-0897)

  - Multiple denial of service vulnerabilities exist due to
    improper memory allocation by the TPView.dll and
    TPInt.dll libraries. A remote attacker can exploit this
    to cause a denial of service condition. (CVE-2015-2338,
    CVE-2015-2339, CVE-2015-2340)

  - Multiple remote code execution vulnerabilities exist due
    to improper memory allocation by the TPView.dll and
    TPInt.dll libraries. A remote attacker can exploit this
    to execute arbitrary code. (CVE-2015-2336,
    CVE-2015-2337)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2015-0004.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Horizon View Client 3.2.1 / 3.4.0 / 5.4.2 (with
local mode) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-0897");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Irfanview JPEG2000 jp2 Stack Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:horizon_view_client");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_horizon_view_client_installed.nbin");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/VMware Horizon View Client");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");

appname = 'VMware Horizon View Client';

install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);

version    = install["version"];
path       = install["path"];
local_mode = install["Local Mode"];

if (local_mode == "yes")
  appname += " (with local mode)";

port = get_kb_item("SMB/transport");
if (!port) port = 445;

if (version =~ "^3\.2(\.|$)")
  fix = "3.2.1";
else if (version =~ "^3\.3(\.|$)")
  fix = "3.4.0";
else if (version =~ "^5(\.|$)" && local_mode == "yes")
  fix = "5.4.2";
else
  audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
{
  report =
    '\n  Product           : ' + appname +
    '\n  Path              : ' + path +
    '\n  Installed version : ' + version+
    '\n  Fixed version     : ' + fix + '\n';
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

if (report_verbosity > 0) security_warning(port:port, extra:report);
else security_warning(port);
VendorProductVersionCPE
vmwarehorizon_view_clientcpe:/a:vmware:horizon_view_client

Related

nessus 4
openvas 4
securityvulns 2
kaspersky 1
vmware 1
prion 6
cve 6
checkpoint_advisories 2
packetstorm 1
nessus
nessus
VMware Player 7.x < 7.1.1 Multiple Vulnerabilities (VMSA-2015-0004)
2015-06-16 00:00:00
VMware Workstation 10.x < 10.0.6 / 11.x < 11.1.1 Multiple Vulnerabilities (VMSA-2015-0004) (Windows)
2015-06-16 00:00:00
VMware Player 6.x < 6.0.6 Multiple Vulnerabilities (VMSA-2015-0004)
2015-06-16 00:00:00
openvas
openvas
VMware Player Code Execution And DoS Vulnerabilities (Apr 2017) - Windows
2017-04-07 00:00:00
VMware Workstation Code Execution And DoS Vulnerabilities (Apr 2017) - Windows
2017-04-07 00:00:00
IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability
2012-02-01 00:00:00
securityvulns
securityvulns
NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues
2015-06-14 00:00:00
VMWare applications multiple security vulnereabilities
2015-06-14 00:00:00
kaspersky
kaspersky
KLA10597 Multiple vulnerabilities in VMware products
2015-06-09 00:00:00
vmware
vmware
VMware Workstation, Fusion and Horizon View Client updates address critical security issues
2015-06-09 00:00:00
prion
prion
Design/Logic Flaw
2015-06-13 14:59:00
Design/Logic Flaw
2015-06-13 14:59:00
Design/Logic Flaw
2015-06-13 14:59:00
cve
cve
CVE-2015-2339
2015-06-13 14:59:00
CVE-2015-2338
2015-06-13 14:59:00
CVE-2015-2336
2015-06-13 14:59:00
checkpoint_advisories
checkpoint_advisories
VMware JPEG2000 Stack Overflow (CVE-2015-2336)
2015-06-25 00:00:00
Irfanview JPEG2000 jp2 Stack Buffer Overflow (CVE-2012-0897)
2013-09-01 00:00:00
packetstorm
packetstorm
Irfanview JPEG2000 4.3.2.0 jp2 Stack Buffer Overflow
2012-07-02 00:00:00
JSON
Related for VMWARE_HORIZON_VIEW_CLIENT_VMSA_2015_0004.NASL
nessus4openvas4securityvulns2kaspersky1vmware1prion6cve6checkpoint_advisories2packetstorm1