There are neither technical details nor an exploit publicly available. The exploitation doesn't require any form of authentication. The attack needs to be approached locally. This vulnerability is traded as CVE-2020-3989 since. What's new in VMware Horizon View Client 5.4.0: Real-Time Audio-Video - You can now use webcams and microphones in a virtual desktop and run Skype, Webex, Google Hangouts, and other online. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client. Exploitation is only possible if virtual printing has been enabled. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. This is going to have an impact on availability. The software writes data past the end, or before the beginning, of the intended buffer. The manipulation with an unknown input leads to a memory corruption vulnerability. Affected is an unknown code of the component Cortado Thinprint. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability was found in VMware Workstation and Horizon Client ( Virtualization Software) ( version unknown). The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |