a. V4H and V4PA desktop agent privilege escalation vulnerability
The V4H and V4PA desktop agents contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
VMware would like to thank Martin Lemay of GoSecure Inc. for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2017-4946 to this issue.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
CPE | Name | Operator | Version |
---|---|---|---|
v4h | lt | 6.5.1 | |
v4pa | lt | 6.5.1 | |
horizon view client for windows | lt | 4.7.0 | |
workstation | lt | 14.1.0 | |
workstation | eq | 12.x | |
fusion | eq | 8.x |