VYPR
Critical severity9.8NVD Advisory· Published Jun 8, 2017· Updated Jun 17, 2026

CVE-2017-4918

CVE-2017-4918

Description

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.

Affected products

15
  • VMware/Horizon View14 versions
    cpe:2.3:a:vmware:horizon_view:2.0:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:vmware:horizon_view:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:horizon_view:4.4.0:*:*:*:*:*:*:*
  • Range: 2.x

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.