CVE-2021-21988 : Security Advisory and Response

Learn about CVE-2021-21988, an out-of-bounds read vulnerability in VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) that could lead to information disclosure. Find out the impact, affected systems, and mitigation steps.

This article provides details on CVE-2021-21988, a vulnerability found in VMware Workstation and Horizon Client for Windows which could lead to information disclosure.

Understanding CVE-2021-21988

CVE-2021-21988 is an out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser) of VMware Workstation and Horizon Client for Windows.

What is CVE-2021-21988?

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) are affected by an out-of-bounds read vulnerability in the Cortado ThinPrint component. This vulnerability could be exploited by a malicious actor with access to a virtual machine or remote desktop, potentially resulting in information disclosure from the TPView process.

The Impact of CVE-2021-21988

The vulnerability in VMware Workstation and Horizon Client for Windows could allow an attacker to read sensitive information from the TPView process by exploiting the Cortado ThinPrint component.

Technical Details of CVE-2021-21988

This section outlines the specifics of the vulnerability.

Vulnerability Description

The vulnerability involves an out-of-bounds read issue in the Cortado ThinPrint component (JPEG2000 Parser) of VMware Workstation and Horizon Client for Windows.

Affected Systems and Versions

VMware Workstation versions 16.x prior to 16.1.2 and Horizon Client for Windows versions 5.x prior to 5.5.2 are impacted by this vulnerability.

Exploitation Mechanism

A bad actor with access to a virtual machine or remote desktop could potentially exploit this vulnerability to disclose information from the TPView process.

Mitigation and Prevention

Here are the steps to mitigate and prevent exploitation of CVE-2021-21988.

Immediate Steps to Take

It is recommended to update VMware Workstation to version 16.1.2 and Horizon Client for Windows to version 5.5.2 to patch the vulnerability.
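
To find hosts that still need the update, an inventory export can be checked against the version ranges stated above. The following is an added example, not VMware's or this page's own code; the product-name prefix matching, the status labels and the sample inventory rows are assumptions constructed for illustration.

```python
import re

# Ranges as stated in this advisory: product prefix -> (affected major, first fixed version).
# Matching on the product-name prefix is an assumption about how the inventory names products.
ADVISORY = {
    "vmware workstation": (16, (16, 1, 2)),
    "vmware horizon client": (5, (5, 5, 2)),
}

def parse_version(text):
    """Return the leading dotted version as a 3-tuple of ints, or None if absent."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(product, version):
    """Classify one inventory row against the ranges stated for CVE-2021-21988."""
    name = product.strip().lower()
    rule = next((r for prefix, r in ADVISORY.items() if name.startswith(prefix)), None)
    if rule is None:
        return "not-listed"      # product is not named in the advisory
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"         # no usable version string: needs manual review
    major, fixed = rule
    if parsed[0] != major:
        return "not-listed"      # branch the advisory makes no statement about
    return "affected" if parsed < fixed else "fixed"

def triage(rows):
    """Return (host, product, version, status) for rows needing action or review."""
    return [(h, p, v, s) for h, p, v in rows
            if (s := classify(p, v)) in ("affected", "unknown")]

# Constructed sample inventory (hostnames and the build suffix are made up).
SAMPLE = [
    ("ws-01", "VMware Workstation", "16.1.0 build-0000000"),
    ("ws-02", "VMware Workstation", "16.1.2"),
    ("vdi-01", "VMware Horizon Client", "5.5.1"),
    ("vdi-02", "VMware Horizon Client", "5.5.2"),
    ("vdi-03", "VMware Horizon Client", ""),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Rows reported as `unknown` have no parsable version and should be checked by hand rather than assumed patched.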

Long-Term Security Practices

Regularly update software and implement security best practices to reduce the risk of similar vulnerabilities in the future.

Patching and Updates

Stay informed about security advisories from VMware and apply patches promptly to secure your systems.
