CVE-2017-4948 in VMware Workstation

Summary

by MITRE

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.


Analysis

by VulDB Data Team • 01/28/2021

The vulnerability identified as CVE-2017-4948 is an out-of-bounds read in the TPView.dll component of VMware Workstation and Horizon View Client. VMware Workstation is affected in versions 14.x prior to 14.1.0 and in all 12.x releases, while Horizon View Client is affected in versions 4.x prior to 4.7.0. The flaw stems from insufficient bounds checking in TPView.dll, the library that handles virtual printing (printer redirection) between the guest or View desktop and the Windows host.

VulDB classifies the flaw as CWE-129 (Improper Validation of Array Index): an index or length derived from untrusted input is used to access memory without being checked against the bounds of the buffer it applies to. When virtual printing is enabled, TPView.dll processes printer data originating from the guest operating system (or, for Horizon, from the View desktop) but fails to validate input lengths before reading, so a crafted print job can make the host-side component read beyond the intended buffer. The bytes obtained this way come from adjacent host memory that should remain inaccessible to the guest.
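The missing length check described above, as an added example in C that is not TPView.dll's code or VMware's protocol: the message layout (a 2-byte little-endian length followed by a job name), the function names and the "adjacent host data" are all constructed for illustration. The vulnerable parser trusts the guest-supplied length field and only caps it against the destination size; the hardened one also bounds every read by the size of the buffer actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (assumption, not TPView's real protocol):
 * a 2-byte little-endian name length followed by that many name bytes. */
#define HDR_LEN  2
#define NAME_MAX 64

struct job_name {
    uint8_t data[NAME_MAX];
    size_t  len;
};

static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable: never compares the guest-supplied length with msg_len, so a
 * length larger than the payload reads past the end of the message into
 * whatever the host happens to keep after it. */
int parse_job_name_vulnerable(const uint8_t *msg, size_t msg_len, struct job_name *out)
{
    (void)msg_len;                       /* the received size is ignored */
    uint16_t n = rd16le(msg);
    if (n > NAME_MAX)
        return -1;                       /* protects the destination only */
    memcpy(out->data, msg + HDR_LEN, n); /* source read is unbounded */
    out->len = n;
    return 0;
}

/* Hardened: the header must fit, and the claimed length must fit inside the
 * payload that was actually received before any byte of it is read. */
int parse_job_name_hardened(const uint8_t *msg, size_t msg_len, struct job_name *out)
{
    if (msg_len < HDR_LEN)
        return -1;
    uint16_t n = rd16le(msg);
    if (n > NAME_MAX)
        return -1;
    if (n > msg_len - HDR_LEN)
        return -1;                       /* length field exceeds payload */
    memcpy(out->data, msg + HDR_LEN, n);
    out->len = n;
    return 0;
}

/* Constructed scenario: a 6-byte message claiming a 20-byte name sits
 * directly in front of 32 bytes of unrelated host data. The backing array
 * keeps the over-read inside one allocation so the demo itself is well
 * defined; in a real process the same read lands on whatever is adjacent,
 * or on an unmapped page, which is the denial-of-service case. */
#define MSG_LEN 6
#define ADJ_LEN 32
static const uint8_t ADJACENT[ADJ_LEN] = "HOST-SIDE-SECRET-0123456789ABCD"; /* 31 chars + NUL */

/* Returns how many bytes of ADJACENT ended up in the parsed job name:
 * 0 for a parser that rejects or bounds the read, >0 when the check is missing. */
size_t leaked_bytes(int (*parse)(const uint8_t *, size_t, struct job_name *))
{
    uint8_t backing[MSG_LEN + ADJ_LEN];
    backing[0] = 20;                         /* length field: claims 20 bytes */
    backing[1] = 0;
    memcpy(backing + HDR_LEN, "JOB1", 4);    /* real payload is only 4 bytes */
    memcpy(backing + MSG_LEN, ADJACENT, ADJ_LEN);

    struct job_name name = {0};
    if (parse(backing, MSG_LEN, &name) != 0)
        return 0;                            /* rejected: nothing leaked */

    size_t leaked = 0;
    for (size_t i = 4; i < name.len; i++)    /* bytes after the 4 real ones */
        if (name.data[i] == ADJACENT[i - 4])
            leaked++;
    return leaked;
}

int main(void)
{
    printf("vulnerable parser leaked %zu adjacent bytes\n", leaked_bytes(parse_job_name_vulnerable));
    printf("hardened parser leaked %zu adjacent bytes\n", leaked_bytes(parse_job_name_hardened));
    return 0;
}
```

The point of the comparison is where the check sits: capping the length against the destination buffer (the vulnerable version does that) says nothing about whether the source buffer actually contains that many bytes, which is exactly the question an out-of-bounds read turns on.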

The operational impact is twofold: information disclosure and denial of service on the Windows host. In VMware Workstation, a guest could use crafted printer data to read host memory adjacent to the printer buffers; a read that runs off the end of mapped memory instead crashes the component on the host, which is the denial-of-service case. Per the description above, neither outcome is reachable with this bug alone: it must be chained with other bugs, so its practical value to an attacker is as one primitive in a larger guest-to-host attack. For Horizon View Client, the risk is higher because virtual printing is enabled by default, so exploitation requires no configuration change on the client side.

Exploitation requires that virtual printing be enabled, which is the main mitigating factor. VMware Workstation does not enable the feature by default; Horizon View Client does, so View deployments are exposed unless the feature has been turned off. The attack originates on the less-trusted side of the virtualization boundary (the guest VM or the View desktop) and reads memory on the more-trusted side (the Windows host running Workstation or the View Client), so the bug is a trust-boundary crossing through a legitimate virtualization feature rather than a failure of the host's own access controls.

Mitigation for CVE-2017-4948 should prioritize updating affected VMware products to the fixed releases: Workstation 14.1.0 and Horizon View Client 4.7.0. The affected-version list covers all of Workstation 12.x, so 12.x hosts should be upgraded to 14.1.0 or later rather than waiting for a 12.x build. Where an update cannot be applied immediately, disable virtual printing wherever it is not required, particularly in Horizon View deployments where it is enabled by default. Monitoring printer-redirection activity and applying least-privilege principles on the host can limit the impact of a successful chain but do not remove the exposed code path. The case illustrates that data arriving from a guest must be treated as untrusted input even when it comes over a built-in convenience feature such as printer redirection.

Reservation

12/26/2016

Disclosure

01/05/2018

Moderation

accepted

CPE

ready

EPSS

0.00040

KEV

no

Activities

very low
