VMware Horizon View Client 2.x / 3.x / 4.x < 4.5.0 Startup Script Command Injection (VMSA-2017-0011) (macOS)

High Nessus Plugin ID 100839


A desktop virtualization application installed on the remote macOS or Mac OS X host is affected by a command injection vulnerability.


The version of VMware Horizon View Client installed on the remote macOS or Mac OS X host is 2.x, 3.x, or 4.x prior to 4.5.0. It is, therefore, affected by a command injection vulnerability in the service startup script due to improper validation of user-supplied input. A local attacker can exploit this, by sending specially crafted data, to inject and execute arbitrary commands with root privileges.


Upgrade to VMware Horizon View Client 4.5.0 or later.


Plugin Details

Severity: High

ID: 100839

File Name: macosx_vmware_horizon_view_client_vmsa_2017_0011.nasl

Version: $Revision: 1.2 $

Type: local

Agent: macosx

Published: 2017/06/16

Modified: 2017/08/15

Dependencies: 76963

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:vmware:horizon_view_client

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/VMware Horizon View Client

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/06/08

Vulnerability Publication Date: 2017/06/08

Reference Information

CVE: CVE-2017-4918

BID: 98984

OSVDB: 158713

VMSA: 2017-0011

IAVB: 2017-B-0069