CVE-2017-4948 vulnerability in VMware Products
Published on January 5, 2018
VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.
Products Associated with CVE-2017-4948
stack.watch emails you whenever new vulnerabilities are published in VMware Workstation or VMware Horizon Client. Just hit a watch button to start following.
Affected Versions
VMware Workstation:- Version 14.x before 14.1.0 is affected.
- Version 12.x is affected.
- Version 4.x before 4.7.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.