7.1

CVE-2017-4948

EPSS 0.04%
Published 05.01.2018 14:29:10
Last modified 21.11.2024 03:26:44
Source security@vmware.com
Teams watchlist Login
Open Login

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Affected products Warnungen 0 Metrics 3 CWE 2 References 8

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Workstation Version12.0.0

VMware ≫ Workstation Version12.0.1

VMware ≫ Workstation Version12.1

VMware ≫ Workstation Version12.1.1

VMware ≫ Workstation Version12.5

VMware ≫ Workstation Version12.5.0

VMware ≫ Workstation Version12.5.1

VMware ≫ Workstation Version12.5.2

VMware ≫ Workstation Version12.5.3

VMware ≫ Workstation Version12.5.4

VMware ≫ Workstation Version12.5.5

VMware ≫ Workstation Version12.5.6

VMware ≫ Workstation Version12.5.7

VMware ≫ Workstation Version12.5.8

VMware ≫ Workstation Version12.5.9

VMware ≫ Workstation Version14.0

VMware ≫ Horizon View Version >= 4.0 < 4.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.089

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	6.6	3.9	9.2	AV:L/AC:L/Au:N/C:C/I:N/A:C

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/102441

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040109

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040136

Third Party Advisory

VDB Entry

https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html

Patch

Vendor Advisory

http://www.securitytracker.com/id/1040108

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-4948

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-4948

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-4948

EUVD