| Title | Published | Views | Reporter |
|---|---|---|---|
| The vulnerability of the script that launches the system service for VMware Horizon View Clients allows a perpetrator to elevate their privileges to superuser status. | 25 Aug 2017 00:00 | – | bdu_fstec |
| VMware Horizon View Command Injection Vulnerability | 9 Jun 2017 00:00 | – | cnvd |
| CVE-2017-4918 | 8 Jun 2017 19:00 | – | cve |
| CVE-2017-4918 | 8 Jun 2017 19:00 | – | cvelist |
| EUVD-2017-14035 | 7 Oct 2025 00:30 | – | euvd |
| VMware Horizon View Client 2.x / 3.x / 4.x < 4.5.0 Startup Script Command Injection (VMSA-2017-0011) (macOS) | 16 Jun 2017 00:00 | – | nessus |
| CVE-2017-4918: VMware Horizon macOS client code injection vulnerability analysis-vulnerability warning-the black bar safety net | 16 Jul 2017 00:00 | – | myhack58 |
| CVE-2017-4918 | 8 Jun 2017 19:29 | – | nvd |
| CVE-2017-4918 | 8 Jun 2017 19:29 | – | osv |
| Command injection | 8 Jun 2017 19:29 | – | prion |

CVE-2017-4918: Code Injection in VMware Horizon's macOS Client
Metadata
===================================================
Release Date: 10-July-2017
Author: Florian Bogner // https://bogner.sh
Affected product: VMware Horizon's macOS Client
Fixed in: Version 4.5
Tested on: OS X El Capitan 10.11.6
CVE: CVE-2017-4918
URL: https://bogner.sh/2017/07/cve-2017-4918-code-injection-in-vmware-horizons-macos-client/
Vulnerability Status: Fixed
Product Description
===================================================
VMware Horizon 7 is the leading platform for virtual desktops and applications.
Provide end users access to all of their virtual desktops, applications, and online services through a single digital workspace.
Vulnerability Description
===================================================
An issue within a shell script of VMware Horizon's macOS client could be abused to load arbitrary kernel extensions. In detail, this was possible because a user-modifiable environment variable was used to build the command line for a highly privileged command.
Further technical details can be found on my blog: https://bogner.sh/2017/07/cve-2017-4918-code-injection-in-vmware-horizons-macos-client/
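The pattern described above, reduced to a constructed shell sketch that contrasts the weak form with a corrected one. This is an added example, not VMware's script and not part of the original advisory; `EXAMPLE_HELPER_DIR`, `example.kext`, `/opt/example/helpers` and `example-loader` are hypothetical names, and the privileged command is only printed, never executed.

```shell
#!/bin/sh
# Constructed illustration: every name below is hypothetical and is not
# taken from VMware's script.
TRUSTED_DIR="/opt/example/helpers"   # fixed at install time
TRUSTED_UID=0                        # expected owner of the bundle (root)

# Weak pattern: the caller's environment picks the directory, so an
# unprivileged user decides what the privileged command operates on.
bundle_path_weak() {
    printf '%s\n' "${EXAMPLE_HELPER_DIR:-$TRUSTED_DIR}/example.kext"
}

# Corrected pattern: the path is a constant; the environment is never read.
bundle_path_hardened() {
    printf '%s\n' "$TRUSTED_DIR/example.kext"
}

# Defence in depth: refuse a bundle that is a symlink, is not owned by the
# expected uid, or is writable by group or others.
bundle_is_trusted() {
    p=$1
    [ -d "$p" ] && [ ! -L "$p" ] || return 1
    [ -n "$(find "$p" -prune -user "$TRUSTED_UID" -print)" ] || return 1
    [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Builds the command line the privileged script would run.
privileged_command() {
    p=$(bundle_path_hardened)
    if ! bundle_is_trusted "$p"; then
        echo "refusing untrusted bundle: $p" >&2
        return 1
    fi
    # env -i drops every inherited variable before the privileged step.
    printf 'env -i PATH=/usr/bin:/bin /usr/local/libexec/example-loader %s\n' "$p"
}

# Demo with a constructed caller-supplied value.
EXAMPLE_HELPER_DIR=/tmp/untrusted
echo "weak:     $(bundle_path_weak)"
echo "hardened: $(bundle_path_hardened)"
```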
Suggested Solution
===================================================
Update to the latest version (fixed in 4.5)
Disclosure Timeline
===================================================
21-04-2017: The issue has been documented and reported
24-04-2017: VMware started investigating
06-06-2017: Fix ready
08-06-2017: Updated Horizon version 4.5 alongside security advisory VMSA-2017-0011 released
# 0day.today [2018-03-02] #