CVE-2020-3989

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:windows:*:*
cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:32

Type Values Removed Values Added
References () https://www.vmware.com/security/advisories/VMSA-2020-0020.html - Vendor Advisory () https://www.vmware.com/security/advisories/VMSA-2020-0020.html - Vendor Advisory

Information

Published : 2020-09-16 17:15

Updated : 2024-11-21 05:32


NVD link : CVE-2020-3989

Mitre link : CVE-2020-3989

CVE.ORG link : CVE-2020-3989


JSON object : View

Products Affected

vmware

  • workstation_player
  • horizon_client
  • workstation_pro
CWE
CWE-787

Out-of-bounds Write