Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-4936

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.

Published

2017-11-17T14:29:00.623

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	workstation	12.0.0	Yes
Application	vmware	workstation	12.0.1	Yes
Application	vmware	workstation	12.1	Yes
Application	vmware	workstation	12.1.1	Yes
Application	vmware	workstation	12.5	Yes
Application	vmware	workstation	12.5.1	Yes
Application	vmware	workstation	12.5.2	Yes
Application	vmware	workstation	12.5.3	Yes
Application	vmware	workstation	12.5.4	Yes
Application	vmware	workstation	12.5.5	Yes
Application	vmware	workstation	12.5.6	Yes
Application	vmware	workstation	12.5.7	Yes
Application	vmware	horizon_view	4.0.0	Yes
Application	vmware	horizon_view	4.0.1	Yes
Application	vmware	horizon_view	4.1	Yes
Application	vmware	horizon_view	4.2	Yes
Application	vmware	horizon_view	4.3	Yes
Application	vmware	horizon_view	4.4	Yes
Application	vmware	horizon_view	4.5	Yes
Application	vmware	horizon_view	4.6	Yes

References

http://www.securityfocus.com/bid/101892 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039835 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039836 Third Party Advisory, VDB Entry ([email protected])
https://www.vmware.com/security/advisories/VMSA-2017-0018.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/101892 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039835 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039836 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2017-0018.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)