CVE-2017-4918

CRITICAL

VMware Horizon View Client <4.5.0 - Command Injection

Title source: llm

Description

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038642

Vendor Advisory x_refsource_confirm

https://www.vmware.com/security/advisories/VMSA-2017-0011.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98984

Scores

CVSS v3 9.8

EPSS 0.0301

EPSS Percentile 86.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (17)

VMware/Horizon View Client for Mac 2.x

VMware/Horizon View Client for Mac 3.x

VMware/Horizon View Client for Mac 4.x prior to 4.5.0

vmware/horizon_view 2.0

vmware/horizon_view 2.1

vmware/horizon_view 2.2

vmware/horizon_view 2.3

vmware/horizon_view 3.0

vmware/horizon_view 3.1

vmware/horizon_view 3.2

... and 7 more

Published Jun 08, 2017

Tracked Since Feb 18, 2026