VMware has released a new security advisory VMSA-2018-0019: Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.
This advisory documents the remediation of one important issue: Horizon 6, 7, and Horizon Client for Windows contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed.
The vulnerability doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6970 to VMSA-2018-0019 issue.
VMSA-2018-0019 – Affected Products and Resolutions
Horizon version 7.x running on Windows – update to version 7.5.1 (release date 19 July 2018, for more details check the Release Notes)
Horizon version 6.x running on Windows – update to version 6.2.7 (release date 7 August 2018, for more details check the Release Notes)
Horizon Client for Windows version 4.x and earlier – update to version 4.8.1 (release date 7 August 2018, for more details check the Release Notes)
The vulnerability doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.
You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.
Recent Comments