7.8

CVE-2017-4935

EPSS 0.06%
Published 17.11.2017 14:29:00
Last modified 20.04.2025 01:37:25
Source security@vmware.com
Teams watchlist Login
Open Login

VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Workstation Version12.0.0

VMware ≫ Workstation Version12.0.1

VMware ≫ Workstation Version12.1

VMware ≫ Workstation Version12.1.1

VMware ≫ Workstation Version12.5

VMware ≫ Workstation Version12.5.1

VMware ≫ Workstation Version12.5.2

VMware ≫ Workstation Version12.5.3

VMware ≫ Workstation Version12.5.4

VMware ≫ Workstation Version12.5.5

VMware ≫ Workstation Version12.5.6

VMware ≫ Workstation Version12.5.7

VMware ≫ Horizon View Version4.0.0 SwPlatformwindows

VMware ≫ Horizon View Version4.0.1 SwPlatformwindows

VMware ≫ Horizon View Version4.1 SwPlatformwindows

VMware ≫ Horizon View Version4.2 SwPlatformwindows

VMware ≫ Horizon View Version4.3 SwPlatformwindows

VMware ≫ Horizon View Version4.4 SwPlatformwindows

VMware ≫ Horizon View Version4.5 SwPlatformwindows

VMware ≫ Horizon View Version4.6 SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.165

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.1	6	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1039835

Third Party Advisory

VDB Entry

https://www.vmware.com/security/advisories/VMSA-2017-0018.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/101902

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039836

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-4935

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4935

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4935

EUVD