VMware Workstation and Horizon View Client CVE-2017-4912 Remote Code Execution Vulnerability

VMware Workstation and Horizon View Client are prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.

The following products are vulnerable:

VMware Horizon View Client 7.x versions prior to 7.1.0
VMware Horizon View Client 6.2.x versions prior to 6.2.4
VMware Workstation 12.x versions prior to 12.5.3

Information

Bugtraq ID: 97921
Class: Boundary Condition Error
CVE: CVE-2017-4912

Remote: Yes
Local: No
Published: Apr 18 2017 12:00AM
Updated: Apr 18 2017 12:00AM
Credit: Ke Liu of Tencent's Xuanwu Lab and Giwan Go of STEALIEN working with ZDI
Vulnerable: VMWare Workstation 12.0
VMWare Horizon View Client 6.2
VMWare Horizon View Client 7.0

Not Vulnerable: VMWare Workstation 12.5.3
VMWare Horizon View Client 7.1
VMWare Horizon View Client 6.2.4

References:

• VMware Homepage (VMware)
  
• VMSA-2017-0008: VMware Unified Access Gateway, Horizon View and Workstation upda (VMWare)
  

Source: www.securityfocus.com