Horizon 6, 7, Horizon Agent, and Horizon Client for Windows updates address an out-of-bounds read vulnerability

2018-08-07T00:00:00
ID VMSA-2018-0019
Type vmware
Reporter VMware
Modified 2018-08-14T00:00:00

Description

Out-of-bounds read vulnerability in the Message Framework library

Horizon 6, 7, Horizon Agent, and Horizon Client for Windows contain an out-of-bounds read vulnerability in the Message Framework library. Successful exploitation of this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent, or Horizon Client is installed.

Note: This issue doesn’t apply to Horizon 6 and 7 Agents installed on Linux systems or to Horizon Clients installed on non-Windows systems.

VMware would like to thank Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6970 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.