Description
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040109
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040108
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102441
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040136
Scores
CVSS v3
7.1
EPSS
0.0004
EPSS Percentile
12.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
CWE-200
Status
published
Products (17)
vmware/horizon_view
4.0 - 4.7
vmware/workstation
12.0.0
vmware/workstation
12.0.1
vmware/workstation
12.1
vmware/workstation
12.1.1
vmware/workstation
12.5
vmware/workstation
12.5.0
vmware/workstation
12.5.1
vmware/workstation
12.5.2
vmware/workstation
12.5.3
... and 7 more
Published
Jan 05, 2018
Tracked Since
Feb 18, 2026