A vulnerability has been identified in VMware Workstation and Horizon View Client that could lead to a heap buffer-overflow, potentially allowing unauthorized code execution or Denial of Service attacks.
Understanding CVE-2017-4909
This CVE affects VMware Workstation and Horizon View Client for Windows.
What is CVE-2017-4909?
The vulnerability exists in the TrueType Font (TTF) parser in the TPView.dll component of VMware Workstation and Horizon View Client. Exploiting this flaw could result in a heap buffer-overflow.
The Impact of CVE-2017-4909
If exploited, this vulnerability could have the following impacts:
Technical Details of CVE-2017-4909
This section provides more technical insights into the vulnerability.
Vulnerability Description
The vulnerability is a heap buffer-overflow issue via Cortado ThinPrint in the TrueType Font (TTF) parser in the TPView.dll component.
Affected Systems and Versions
Exploitation Mechanism
Exploitation of this vulnerability is only possible if virtual printing has been enabled. By default, virtual printing is disabled on VMware Workstation, but it is enabled by default on Horizon View.
Mitigation and Prevention
Protecting systems from CVE-2017-4909 requires immediate steps and long-term security practices.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Ensure that VMware Workstation is updated to version 12.5.3 or later and Horizon View Client for Windows to version 4.4.0 or later to address the vulnerability.
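The following is an added example, not part of the original advisory or of any VMware tooling: it triages a software inventory against the fixed versions and the virtual-printing condition described above. The inventory format, hostnames, status labels and the `virtual_printing` field are assumptions made for illustration.

```python
import re

# Fixed versions as stated on this page.
FIXED = {"VMware Workstation": (12, 5, 3), "Horizon View Client": (4, 4, 0)}
# Default virtual-printing state per product, as stated on this page.
PRINTING_DEFAULT = {"VMware Workstation": False, "Horizon View Client": True}


def parse_version(text):
    """Leading dotted number as a 3-int tuple; '12.5 build-x' -> (12, 5, 0)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(product, version, virtual_printing=None):
    """Classify one install; virtual_printing=None means 'not collected'."""
    if product not in FIXED:
        return "not-applicable"
    # Compare numerically: as strings, "4.10.0" would sort below "4.4.0".
    if parse_version(version) >= FIXED[product]:
        return "patched"
    if virtual_printing is None:
        # Assumption: fall back to the product default when state is unknown.
        virtual_printing = PRINTING_DEFAULT[product]
    # Below the fixed version an update is needed either way; the flaw is only
    # reachable with virtual printing enabled, so that case is ranked first.
    # The two status labels are hypothetical priorities, not from the page.
    return "update-urgent" if virtual_printing else "update-scheduled"


# Constructed sample inventory: (host, product, version, virtual_printing).
INVENTORY = [
    ("ws-01", "VMware Workstation", "12.5.2", None),
    ("ws-02", "VMware Workstation", "12.5.2", True),
    ("ws-03", "VMware Workstation", "12.5.3 build-0000000", True),
    ("vdi-01", "Horizon View Client", "4.3.0", None),
    ("vdi-02", "Horizon View Client", "4.10.0", None),
]


def report(inventory=INVENTORY):
    """Map each host to its triage status."""
    return {host: triage(prod, ver, vp) for host, prod, ver, vp in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```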