CVE-2017-4948

CVE	CVE-2017-4948
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-01-05 14:29:00 UTC
Updated	2018-01-25 13:51:00 UTC
Description	VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Problem Types: CWE-200 | CWE-125

Type	Vendor	Product	Version	Update	Edition	Language
Application	Vmware	Horizon View	All	All	All	All
Application	Vmware	Horizon View	All	All	All	All
Application	Vmware	Workstation	12.0.0	All	All	All
Application	Vmware	Workstation	12.0.1	All	All	All
Application	Vmware	Workstation	12.1	All	All	All
Application	Vmware	Workstation	12.1.1	All	All	All
Application	Vmware	Workstation	12.5	All	All	All
Application	Vmware	Workstation	12.5.0	All	All	All
Application	Vmware	Workstation	12.5.1	All	All	All
Application	Vmware	Workstation	12.5.2	All	All	All
Application	Vmware	Workstation	12.5.3	All	All	All
Application	Vmware	Workstation	12.5.4	All	All	All
Application	Vmware	Workstation	12.5.5	All	All	All
Application	Vmware	Workstation	12.5.6	All	All	All
Application	Vmware	Workstation	12.5.7	All	All	All
Application	Vmware	Workstation	12.5.8	All	All	All
Application	Vmware	Workstation	12.5.9	All	All	All
Application	Vmware	Workstation	14.0	All	All	All
Application	Vmware	Workstation	12.0.0	All	All	All
Application	Vmware	Workstation	12.0.1	All	All	All
Application	Vmware	Workstation	12.1	All	All	All
Application	Vmware	Workstation	12.1.1	All	All	All
Application	Vmware	Workstation	12.5	All	All	All
Application	Vmware	Workstation	12.5.0	All	All	All
Application	Vmware	Workstation	12.5.1	All	All	All
Application	Vmware	Workstation	12.5.2	All	All	All
Application	Vmware	Workstation	12.5.3	All	All	All
Application	Vmware	Workstation	12.5.4	All	All	All
Application	Vmware	Workstation	12.5.5	All	All	All
Application	Vmware	Workstation	12.5.6	All	All	All
Application	Vmware	Workstation	12.5.7	All	All	All
Application	Vmware	Workstation	12.5.8	All	All	All
Application	Vmware	Workstation	12.5.9	All	All	All
Application	Vmware	Workstation	14.0	All	All	All

Reference	Source	Link	Tags
VMware Horizon View Client for Windows Bug in Cortado ThinPrint Let Local Users on a View Desktop Obtain Potentially Sensitive Information on the Host System - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Multiple VMware Products Multiple Security Vulnerabilities	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
VMware vRealize Operations for Horizon and vRealize Operations for Published Applications Lets Local Users Obtain System Privileges - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
VMware Workstation/Fusion Bugs Let Local Users on a Guest System Bypass Security Restrictions on the Guest System and Obtain Potentially Sensitive Information on the Host System - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
VMSA-2018-0003	CONFIRM	www.vmware.com	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.