VMware has released information on few vulnerabilities covering Workstation, Player, Fusion, Horizon View Client and NSX: “VMware Security Advisory VMSA-2017-0018.1 – VMware Workstation, Fusion and Horizon View Client updates resolve multiple security vulnerabilities” and “VMware Security Advisory VMSA-2017-0019 – NSX for vSphere update addresses NSX Edge Cross-Site Scripting (XSS) issue”.
VMware Security Advisory VMSA-2017-0018.1
VMware released VMSA-2017-0018.1 on 16 November 2017 (updated on 17 November) to cover multiple security vulnerabilities in VMware Workstation (both Pro and Player), Fusion and Horizon View Client:
- CVE-2017-4934 – VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.
- CVE-2017-4935 – VMware Workstation and Horizon View Client contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. This may allow a guest to execute code or perform a denial of service on the Windows machine running Workstation or Horizon View Client.
- CVE-2017-4936 and CVE-2017-4937 – VMware Workstation and Horizon View Client contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. This may allow a guest to execute code or perform a denial of service on the Windows machine running Workstation or Horizon View Client.
- CVE-2017-4938 – VMware Workstation and Fusion contain a guest RPC NULL pointer dereference vulnerability. This may allow attackers with normal user privileges to crash their virtual machines.
- CVE-2017-4939 – Workstation installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker’s choosing that could execute arbitrary code.
Workstation 14 and Fusion 10 installations are not affected. To fix these issues for other versions, update your applications to:
- VMware Horizon View Client 4.6.1
- VMware Workstation Pro 12.5.8
- VMware Workstation Player 12.5.8
- VMware Fusion Pro / Fusion 8.5.9
VMware Security Advisory VMSA-2017-0019
VMware released VMSA-2017-0019 on 16 November 2017 to cover an NSX Edge Cross-Site Scripting (XSS) issue. This vulnerability may lead to information disclosure. Vulnerability was assigned CVE-2017-4929 identification.
VMware resolved this issue in two new releases of NSX Edge:
- NSX Edge 6.2.9 released on 26 October 2017 (Release Notes)
- NSX Edge 6.3.5 released on 16 November 2017 (Release Notes)
You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.