CVE-2017-4948

Name: CVE-2017-4948
Creator: NVD / NIST
Published: 2018-01-05T14:29:10.547+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.41%

Last modified Jun 17, 2026

CVE-2017-4948 is a vulnerability of currently unknown severity. VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with other bugs may allow a guest to leak information from host or may allow for a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this issue in conjunction with other bugs may allow a View desktop to leak information from host or may allow for a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.

Metrics

EPSS Probability

0.41%

32.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Vmware	Workstation	12.0.0
Vmware	Workstation	12.0.1
Vmware	Workstation	12.1
Vmware	Workstation	12.1.1
Vmware	Workstation	12.5
Vmware	Workstation	12.5.0
Vmware	Workstation	12.5.1
Vmware	Workstation	12.5.2
Vmware	Workstation	12.5.3
Vmware	Workstation	12.5.4
Vmware	Workstation	12.5.5
Vmware	Workstation	12.5.6
Vmware	Workstation	12.5.7
Vmware	Workstation	12.5.8
Vmware	Workstation	12.5.9
Vmware	Workstation	14.0
Vmware	Horizon View	>= 4.0, < 4.7

References

http://www.securityfocus.com/bid/102441Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040108Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040109Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040136Third Party Advisory, VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.htmlPatch, Vendor Advisory
http://www.securityfocus.com/bid/102441Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040108Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040109Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1040136Third Party Advisory, VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.htmlPatch, Vendor Advisory

Timeline

Published: Jan 5, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-4948?

How severe is CVE-2017-4948?

Severity scoring for CVE-2017-4948 is pending analysis. The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2017-4948?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-4948?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST