VMware Horizon View Client 2.x / 3.x / 4.x < 4.5.0 Startup Script Command Injection (VMSA-2017-0011) (macOS)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A desktop virtualization application installed on the remote macOS or
Mac OS X host is affected by a command injection vulnerability.

Description :

The version of VMware Horizon View Client installed on the remote
macOS or Mac OS X host is 2.x, 3.x, or 4.x prior to 4.5.0. It is,
therefore, affected by a command injection vulnerability in the
service startup script due to improper validation of user-supplied
input. A local attacker can exploit this, by sending specially crafted
data, to inject and execute arbitrary commands with root privileges.

See also :

https://www.vmware.com/security/advisories/VMSA-2017-0011

Solution :

Upgrade to VMware Horizon View Client 4.5.0 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 100839

Bugtraq ID: 98984

CVE ID: CVE-2017-4918
