CVE-2020-3990 : What You Need to Know

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component.

Understanding CVE-2020-3990

VMware Workstation and Horizon Client for Windows are affected by an information disclosure vulnerability via Cortado ThinPrint.

What is CVE-2020-3990?

An information disclosure vulnerability in VMware Workstation and Horizon Client for Windows due to an integer overflow issue in Cortado ThinPrint component.
Malicious actors with normal access to a virtual machine may exploit this issue to leak memory from TPView process.
Exploitation is only possible if virtual printing is enabled.

The Impact of CVE-2020-3990

Allows unauthorized disclosure of information from the TPView process.
Potential leakage of sensitive data to malicious actors.

Technical Details of CVE-2020-3990

VMware Workstation and Horizon Client for Windows are affected by an information disclosure vulnerability via Cortado ThinPrint.

Vulnerability Description

Integer overflow issue in Cortado ThinPrint component.
Malicious actors can exploit to leak memory from TPView process.

Affected Systems and Versions

VMware Workstation (15.x)
Horizon Client for Windows (5.x before 5.4.4)

Exploitation Mechanism

Requires normal access to a virtual machine.
Exploitation possible if virtual printing is enabled.

Mitigation and Prevention

Immediate Steps to Take:

Disable virtual printing if not required.
Apply the necessary security updates promptly.

Long-Term Security Practices:

Regularly monitor for security advisories from VMware.
Implement the principle of least privilege to limit access.
Conduct security assessments to identify vulnerabilities.
Educate users on safe computing practices.
Consider network segmentation to contain potential threats.

Patching and Updates:

Refer to VMware's security advisory VMSA-2020-0020 for patching instructions and updates.