CVE-2017-4908 : Security Advisory and Response
Learn about CVE-2017-4908 involving heap buffer-overflow vulnerabilities in VMware Workstation and Horizon View Client, potentially leading to arbitrary code execution or denial of service. Find mitigation steps and patching details here.
Multiple heap buffer-overflow vulnerabilities have been found in the JPEG2000 parser in TPView.dll, present in VMware Workstation versions prior to 12.5.3 and Horizon View Client versions prior to 4.4.0. Exploitation could lead to arbitrary code execution or denial of service.
Understanding CVE-2017-4908
This CVE involves heap buffer-overflow vulnerabilities in VMware Workstation and Horizon View Client, potentially enabling arbitrary code execution or denial of service attacks.
What is CVE-2017-4908?
CVE-2017-4908 refers to multiple heap buffer-overflow vulnerabilities in the JPEG2000 parser in TPView.dll, affecting VMware Workstation and Horizon View Client.
The Impact of CVE-2017-4908
- VMware Workstation: Allows a guest to execute arbitrary code or cause a denial of service on the Windows OS where Workstation is running.
- Horizon View Client: Enables a View desktop to execute arbitrary code or cause a denial of service on the Windows OS where the client is operating.
Technical Details of CVE-2017-4908
This section provides detailed technical insights into the CVE-2017-4908 vulnerability.
Vulnerability Description
The vulnerability involves heap buffer-overflow issues in the JPEG2000 parser in TPView.dll, affecting VMware Workstation and Horizon View Client.
Affected Systems and Versions
- Affected Products: Workstation, Horizon View Client for Windows
- Vendor: VMware
- Affected Versions: Workstation 12.x prior to 12.5.3, Horizon View Client 4.x prior to 4.4.0
Exploitation Mechanism
- Exploitation is possible if the virtual printing feature is enabled, which is not the default setting on Workstation but is enabled by default on Horizon View.
Mitigation and Prevention
Protecting systems from CVE-2017-4908 requires immediate actions and long-term security practices.
Immediate Steps to Take
- Disable the virtual printing feature if not required to prevent exploitation.
- Apply the necessary patches and updates provided by VMware.
Long-Term Security Practices
- Regularly update VMware products to the latest versions to mitigate known vulnerabilities.
- Implement network segmentation and access controls to limit the impact of potential attacks.
Patching and Updates
- VMware released patches to address the vulnerabilities in Workstation and Horizon View Client. Ensure timely installation of these patches to secure the systems.