VMware Workstation and Horizon Client CVE-2017-4913 Integer Overflow Vulnerability

VMware Workstation and Horizon Client are prone to an integer-overflow vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code. Failed exploits will result in denial-of-service conditions.

The following products are vulnerable:

Horizon View Client versions 7.x prior to 7.1.0 and 6.2.x prior to 6.2.4 are vulnerable.

Workstation versions 12.x prior to 12.5.3 are vulnerable.

Information

Bugtraq ID: 97920
Class: Boundary Condition Error
CVE: CVE-2017-4913

Remote: Yes
Local: No
Published: Apr 18 2017 12:00AM
Updated: Apr 18 2017 12:00AM
Credit: Ke Liu of Tencent's Xuanwu Lab.
Vulnerable: VMWare Workstation 12.0
VMWare Horizon View 7.0.1
VMWare Horizon View 6.2.3
VMWare Horizon View 7.0

Not Vulnerable: VMWare Workstation 12.5.3
VMWare Horizon View 7.1
VMWare Horizon View 6.2.4

References:

VMware Homepage (VMware)
VMSA-2017-0008: VMware Unified Access Gateway, Horizon View and Workstation upda (VMWare)

Source: www.securityfocus.com

Exploit Collector

Search Exploit

VMware Workstation and Horizon Client CVE-2017-4913 Integer Overflow Vulnerability

Information