QID 376253
Date Published: 2022-01-19
QID 376253: VMware Workstation and VMware Horizon Client for Windows Denial of Service (DoS) Vulnerability (VMSA-2022-0002)
VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems. VMware Horizon is a commercial desktop and app virtualization product developed by VMware.
VMware Workstation and Horizon Client for Windows contains a denial-of-service vulnerability in the Cortado ThinPrint component.
Note:
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client for Windows.
Affected Versions
VMware Workstation Pro 16.x prior to 16.2.2
VMware Workstation Player 16.x prior to 16.2.2
VMware Horizon Client for Windows 5.x prior to 5.5.3
QID Detection Logic (authenticated):
This QID checks for vulnerable versions of Workstation and Horizon Client for Windows.exe file.
A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
Refer to VMware documents VMware Horizon Client 5.5.3 for more information.
VMware has released the patch for Workstation Pro.
Refer to VMware documents VMware Workstation Pro 16.2.2 for more information.
VMware has released the patch for Workstation Player.
Refer to VMware documents VMware Workstation Player 16.2.2 for more information.
- VMSA-2022-0002 -
www.vmware.com/security/advisories/VMSA-2022-0002.html
CVEs related to QID 376253
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| VMSA-2022-0002 |
www.vmware.com/security/advisories/VMSA-2022-0002.html |