CVE-2017-4910

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 79.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Horizon View Client FOR Windows Vmware Workstation Vmware Horizon View

Timeline

PublishedJun 8

Latest updateMay 17

Description

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possibl…

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5vmware/horizon_view_client_for_windows4.x prior to 4.4.0

▶NVDvmware/horizon_view4 versions+3

▶CVEListV5vmware/workstation12.x prior to 12.5.3

▶NVDvmware/workstation7 versions+6

🔴Vulnerability Details

GHSA

GHSA-35rh-6mjx-86f8: VMware Workstation (12↗2022-05-17

▶

CVEList

CVE-2017-4910: VMware Workstation (12↗2017-06-08

▶

💥Exploits & PoCs

Exploit-DB

Shareet - 'photo' SQL Injection↗2017-10-30

▶