Update 04/21/2017: Updated security advisory to clarify the Unified Access Gateway and Horizon View affected versions.
Update 04/19/2017: We have corrected the Horizon View Client for Windows version.
Today VMware has released the following new security advisory:
VMSA-2017-0008.2 – VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities
This advisory documents several critical memory corruption vulnerabilities affecting VMware Unified Access Gateway (formerly called Access Point) (8.2.x, 2.7.x and 2.5.x), Horizon View (7.x, 6.x), Horizon View Client for Windows (4.x), and Workstation (12.5.x).
Issue (a) is a heap-based buffer overflow vulnerability (CVE-2017-4907) which affects VMware Unified Access Gateway and Horizon View. This issue may be exploited remotely to execute code on the security gateway. VMware Unified Access Gateway 2.9 is not affected. This issue has been addressed in VMware Unified Access Gateway 2.8.1, Horizon View 7.1.0 and 6.2.4.
Issues (b), (c) and (d) are heap-based buffer-overflow, out-of-bounds read/write and integer-overflow vulnerabilities (CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913) in the JPEG2000 and TrueType Font (TTF) parsers in TPView.dll. These issues exist due to the use of the vulnerable Cortado ThinPrint component and impact VMware Horizon View Client for Windows and Workstation. Exploitation is possible only if virtual printing has been enabled. This feature is not enabled by default on Workstation, but it is enabled by default on Horizon View. These issues have been addressed in VMware Workstation 12.5.3 and Horizon View Client for Windows 4.4.0.
We would like to thank Claudio Moletta (redr2e), and Ke Liu of Tencent’s Xuanwu Lab, Gogil and Giwan Go of STEALIEN working with ZDI for reporting these issues to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.