CVE-2020-3987 - OpenCVE

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Horizon Client Workstation Player Workstation Pro

Configuration 1 [-]

OR	cpe:2.3:a:vmware:horizon_client::::::windows::*
	cpe:2.3:a:vmware:workstation_player::::::::
	cpe:2.3:a:vmware:workstation_pro::::::::

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2020-0020.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2020-09-16T16:14:01

Updated: 2024-08-04T07:52:20.473Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-3987

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-16T17:15:13.957

Modified: 2020-09-28T17:00:25.557

Link: CVE-2020-3987

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "VMware Workstation and Horizon Client for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"}]}], "descriptions": [{"lang": "en", "value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."}], "problemTypes": [{"descriptions": [{"description": "Multiple out-of-bounds read issues via Cortado ThinPrint", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-16T16:14:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2020-3987", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware Workstation and Horizon Client for Windows", "version": {"version_data": [{"version_value": "VMware Workstation (15.x), Horizon Client for Windows (5.x before 5.4.4)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Multiple out-of-bounds read issues via Cortado ThinPrint"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:20.473Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2020-3987", "datePublished": "2020-09-16T16:14:01", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-08-04T07:52:20.473Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6601BC5A-C99B-4B9A-A112-C4382C04171C", "versionEndExcluding": "5.4.4", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5C1D4AB-9A63-4660-B07A-5A78B3D16962", "versionEndExcluding": "16.0.0", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "14D38E88-C39B-4DB7-91E6-3EBE20ED27FC", "versionEndExcluding": "16.0.0", "versionStartIncluding": "15.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed."}, {"lang": "es", "value": "VMware Workstation (versi\u00f3n 15.x) y Horizon Client para Windows (versi\u00f3n 5.x anteriores a 5.4.4), contienen una vulnerabilidad de lectura fuera de l\u00edmites en el componente Cortado ThinPrint (analizador EMR STRETCHDIBITS). Un actor malicioso con acceso normal a una m\u00e1quina virtual puede explotar estos problemas para crear una condici\u00f3n de denegaci\u00f3n de servicio parcial o para filtrar la memoria del proceso TPView que se ejecuta en el sistema donde est\u00e1 instalada Workstation o Horizon Client para Windows"}], "id": "CVE-2020-3987", "lastModified": "2020-09-28T17:00:25.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-16T17:15:13.957", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}