CVE-2017-4913 : Security Advisory and Response

Learn about CVE-2017-4913, an integer-overflow vulnerability in VMware Workstation & Horizon View Client, enabling code execution or DoS attacks on Windows systems. Find mitigation steps and patching details.

VMware Workstation and Horizon View Client contain an integer-overflow vulnerability that could allow code execution or Denial of Service attacks on Windows systems.

Understanding CVE-2017-4913

This CVE involves an integer-overflow vulnerability in the TrueType font parser in TPView.dll within VMware Workstation and Horizon View Client.

What is CVE-2017-4913?

The TrueType font parser in VMware Workstation and Horizon View Client contains an integer-overflow vulnerability that can lead to code execution or Denial of Service on the Windows OS.

The Impact of CVE-2017-4913

When virtual printing is enabled, a guest can execute code or cause a Denial of Service on the Windows OS where Workstation is running.

Technical Details of CVE-2017-4913

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The vulnerability is an integer overflow reachable via Cortado ThinPrint in VMware Workstation and Horizon View Client.

Affected Systems and Versions

        VMware Workstation 12.x prior to 12.5.3
        Horizon View Client for Windows 4.x prior to 4.4.0

Exploitation Mechanism

        Exploitation requires virtual printing to be enabled
        Virtual printing is not enabled by default on Workstation but is enabled by default on Horizon View
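
The affected ranges and the virtual-printing condition above can be turned into an inventory triage check. This is an added example, not code from VMware or from this advisory; the inventory records, field names and status labels are constructed assumptions.

```python
import re

# Affected ranges as stated above: product -> (major line, first fixed version).
AFFECTED = {
    "VMware Workstation": (12, (12, 5, 3)),
    "Horizon View Client for Windows": (4, (4, 4, 0)),
}
# Stated defaults: virtual printing is off on Workstation, on for Horizon View.
VIRTUAL_PRINTING_DEFAULT = {
    "VMware Workstation": False,
    "Horizon View Client for Windows": True,
}

def parse_version(text):
    """Turn '12.5.2' or '12.5.2 build-0000000' into (12, 5, 2)."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) if p else 0 for p in m.groups())

def triage(product, version, virtual_printing=None):
    """Classify one install. virtual_printing=None means the setting is
    unknown, so the product default applies."""
    if product not in AFFECTED:
        return "not-listed"
    major, fixed = AFFECTED[product]
    v = parse_version(version)
    if v[0] != major:
        return "not-listed"          # outside the release line named above
    if v >= fixed:
        return "fixed"
    if virtual_printing is None:
        virtual_printing = VIRTUAL_PRINTING_DEFAULT[product]
    return "vulnerable-exposed" if virtual_printing else "vulnerable-printing-off"

WS, HV = "VMware Workstation", "Horizon View Client for Windows"
INVENTORY = [  # constructed sample data (hypothetical hosts and fields)
    {"host": "ws-01", "product": WS, "version": "12.5.2", "virtual_printing": True},
    {"host": "ws-02", "product": WS, "version": "12.5.2 build-0000000"},
    {"host": "ws-03", "product": WS, "version": "12.5.3"},
    {"host": "vdi-01", "product": HV, "version": "4.3.0"},
    {"host": "vdi-02", "product": HV, "version": "4.4.0"},
]

def report(inventory):
    """Map each host to its triage status."""
    return {r["host"]: triage(r["product"], r["version"], r.get("virtual_printing"))
            for r in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as vulnerable-printing-off still need the patch; the label only indicates that the stated exploitation precondition is not currently met.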

Mitigation and Prevention

Protect your systems from CVE-2017-4913 with these mitigation strategies.

Immediate Steps to Take

        Disable virtual printing if not needed
        Apply the necessary patches provided by VMware

Long-Term Security Practices

        Regularly update VMware products to the latest versions
        Implement network segmentation to limit the impact of potential attacks

Patching and Updates

        VMware released patches to address this vulnerability
        Stay informed about security advisories and apply updates promptly
