Medium severity5.5NVD Advisory· Published May 31, 2017· Updated Jun 17, 2026
CVE-2017-4897
CVE-2017-4897
Description
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.
Affected products
2cpe:2.3:a:vmware:horizon_daas:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:vmware:horizon_daas:*:*:*:*:*:*:*:*range: <=6.1.6
- (no CPE)range: prior to 7.0.0
Patches
Vulnerability mechanics
References
3- www.vmware.com/security/advisories/VMSA-2017-0002.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/96559nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037951nvd
News mentions
0No linked articles in our index yet.