VMware Workstation, Fusion and Horizon View Client updates address critical security issues

2015-06-09T00:00:00
ID VMSA-2015-0004
Type vmware
Reporter VMware
Modified 2015-06-09T00:00:00

Description

a. VMware Workstation and Horizon Client memory manipulation issues

VMware Workstation and Horizon Client TPView.dll and TPInt.dll incorrectly handle memory allocation. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon Client.

VMware would like to thank Kostya Kortchinsky of the Google Security Team for reporting these issues to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2012-0897 and CVE-2015-2336 (TPView.dll Code Execution), CVE-2015-2338 and CVE-2015-2339 (TPview.dll DoS), CVE-2015-2337 (TPInt.dll Code Execution), and CVE-2015-2340 (TPInt.dll DoS) to these issues.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.