Critical severity9.8NVD Advisory· Published Jun 8, 2017· Updated Jun 17, 2026
CVE-2017-4918
CVE-2017-4918
Description
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.
Affected products
15cpe:2.3:a:vmware:horizon_view:2.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:vmware:horizon_view:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:horizon_view:4.4.0:*:*:*:*:*:*:*
- Range: 2.x
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/98984nvdThird Party AdvisoryVDB Entry
- www.vmware.com/security/advisories/VMSA-2017-0011.htmlnvdVendor Advisory
- www.securitytracker.com/id/1038642nvd
News mentions
0No linked articles in our index yet.