CVE-2018-6970

CVE Database · CVE-2018-6970

CVE-2018-6970

· N/AModified

CVSS v3.1

N/A

EPSS

1.78%

Published

Aug 13, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems.

Weaknesses (CWE)

CWE-125

Affected Products (3)

vmware · horizon_client (up to 4.8.1)vulnerable

vmware · horizon_view (up to 6.2.7)vulnerable

vmware · horizon_view (up to 7.5.1)vulnerable

References (6)

http://www.securityfocus.com/bid/105031

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041430

Third Party AdvisoryVDB Entry

https://www.vmware.com/security/advisories/VMSA-2018-0019.html