Today, VMware has released the following new security advisory:
“VMSA-2018-0003 – vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client and Tools updates resolve multiple security vulnerabilities”
Issues (a) CVE-2017-4946 is a privilege escalation vulnerability that affects vRealize Operations for Horizon (V4H) and vRealize Operations for Published Applications (V4PA) agents. Successful exploitation of this issue may allow low privileged windows users to escalate their privileges to SYSTEM. Workaround for ‘vROPs plugin for Horizon’ and ‘vROPs for Published applications’ 6.4.0 and 6.5.0 versions are available. Please see VMSA-2018-0003 for more information
Issue (b) CVE-2017-4948 is an out-of-bounds read issue that occurs via Cortado ThinPrint. This issue affects Workstation and Horizon View Client. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Workstation 14.1.0 and Horizon View Client for Windows 4.7.0 fix this issue.
Issue (c) CVE-2017-4945 is a guest access control vulnerability and affects Workstation and Fusion. Successful exploitation of this issue may allow program execution via Unity on locked Windows VMs.
We would like to thank Martin Lemay of GoSecure Inc., Yakun Zhang of McAfee, and Tudor Enache of the United Arab Emirates Computer Emergency Response Team (aeCERT) for reporting these issues to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.