Horizon 6, 7, and Horizon Client for Windows contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed.

Note: This issue doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.

VMware would like to thank Steven Seeley (mr_me) of Source Incite working with Trend Micro’s Zero Day Initiative for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-6970 to this issue.

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Read more: VMware Security Advisories

 
