CVE-2017-4911 Explained : Impact and Mitigation

Learn about CVE-2017-4911, which affects VMware Workstation and Horizon View Client. Multiple out-of-bounds write vulnerabilities in the JPEG2000 parser could lead to code execution or Denial of Service attacks. Take immediate steps to mitigate the risk.

CVE-2017-4911 was published on June 8, 2017, and affects VMware Workstation and Horizon View Client for Windows. The vulnerability involves out-of-bounds write issues in the JPEG2000 parser, potentially allowing code execution or Denial of Service attacks.

Understanding CVE-2017-4911

This CVE identifies vulnerabilities in VMware products that could be exploited by attackers to compromise the host system.

What is CVE-2017-4911?

CVE-2017-4911 refers to multiple out-of-bounds write vulnerabilities in the JPEG2000 parser in VMware Workstation and Horizon View Client for Windows.

The Impact of CVE-2017-4911

These vulnerabilities could enable a guest to execute code or cause a Denial of Service on the Windows OS running Workstation or Horizon View Client. Exploitation is only possible if virtual printing is enabled.

Technical Details of CVE-2017-4911

This section provides more in-depth technical details about the vulnerability.

Vulnerability Description

The vulnerabilities are found in TPView.dll in VMware Workstation 12.x versions prior to 12.5.3 and Horizon View Client 4.x versions prior to 4.4.0.

Affected Systems and Versions

        VMware Workstation 12.x prior to 12.5.3
        Horizon View Client for Windows 4.x prior to 4.4.0

Exploitation Mechanism

        Virtual printing must be enabled for exploitation
        Virtual printing is not enabled by default on Workstation but is enabled by default on Horizon View

Mitigation and Prevention

Protecting systems from CVE-2017-4911 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Disable virtual printing if not required
        Apply patches provided by VMware

Long-Term Security Practices

        Regularly update VMware products
        Monitor security advisories from VMware

Patching and Updates

        Update VMware Workstation to version 12.5.3 or later
        Update Horizon View Client for Windows to version 4.4.0 or later
