vulnerability

VMware Horizon Client: CVE-2017-4908 Multiple heap-based buffer overflow issues via Cortado ThinPrint (VMSA-2017-0008)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Jun 8, 2017	May 25, 2022	Mar 27, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Jun 8, 2017

Added

May 25, 2022

Modified

Mar 27, 2026

Description

VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Solution

vmware-horizon-client-upgrade-4_4_0

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report