Greetings from the VMware Security Response Center!
Today VMware has released the following new security advisory:
“VMSA-2017-0002 – Horizon DaaS update addresses an insecure data validation issue”
The advisory documents a moderate severity insecure data validation issue (CVE-2017-4897) in VMware Horizon DaaS. All 6.1.x versions are affected.
This vulnerability can be exploited by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Horizon DaaS 7.0.0 carries a fix for this issue.
VMware would like to thank Ahmad Ashraff of Aura Information Security for reporting this issue to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.