VMware Horizon View Client 2.x / 3.x / 4.x < 4.5.0 Startup Script Command Injection (VMSA-2017-0011) (macOS)
High Nessus Plugin ID 100839
SynopsisA desktop virtualization application installed on the remote macOS or Mac OS X host is affected by a command injection vulnerability.
DescriptionThe version of VMware Horizon View Client installed on the remote macOS or Mac OS X host is 2.x, 3.x, or 4.x prior to 4.5.0. It is, therefore, affected by a command injection vulnerability in the service startup script due to improper validation of user-supplied input. A local attacker can exploit this, by sending specially crafted data, to inject and execute arbitrary commands with root privileges.
SolutionUpgrade to VMware Horizon View Client 4.5.0 or later.