Description
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2017-0018.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039836
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101892
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039835
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
19.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (22)
VMware/Horizon View Client for Windows
4.x before 4.6.1
vmware/horizon_view
4.0.0
vmware/horizon_view
4.0.1
vmware/horizon_view
4.1
vmware/horizon_view
4.2
vmware/horizon_view
4.3
vmware/horizon_view
4.4
vmware/horizon_view
4.5
vmware/horizon_view
4.6
vmware/workstation
12.0.0
... and 12 more
Published
Nov 17, 2017
Tracked Since
Feb 18, 2026