CVE-2017-4918: Command Injection
First published: Thu Jun 08 2017(Updated: )
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Horizon View | =2.0 | |
| VMware Horizon View | =2.1 | |
| VMware Horizon View | =2.2 | |
| VMware Horizon View | =2.3 | |
| VMware Horizon View | =3.0 | |
| VMware Horizon View | =3.1 | |
| VMware Horizon View | =3.2 | |
| VMware Horizon View | =3.3 | |
| VMware Horizon View | =4.0.0 | |
| VMware Horizon View | =4.0.1 | |
| VMware Horizon View | =4.1.0 | |
| VMware Horizon View | =4.2.0 | |
| VMware Horizon View | =4.3.0 | |
| VMware Horizon View | =4.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware horizon view
- version/vmware horizon view/2.0
- version/vmware horizon view/2.1
- version/vmware horizon view/2.2
- version/vmware horizon view/2.3
- version/vmware horizon view/3.0
- version/vmware horizon view/3.1
- version/vmware horizon view/3.2
- version/vmware horizon view/3.3
- version/vmware horizon view/4.0.0
- version/vmware horizon view/4.0.1
- version/vmware horizon view/4.1.0
- version/vmware horizon view/4.2.0
- version/vmware horizon view/4.3.0
- version/vmware horizon view/4.4.0