CVE-2017-4918

Summary

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.

Affected Software

VendorProductVersion RangeStatus
VMwareHorizon View Client for Mac2.xaffected
VMwareHorizon View Client for Mac3.xaffected
VMwareHorizon View Client for Mac4.x prior to 4.5.0affected

Weaknesses

  • Command injection vulnerability

ADP Enrichment

CVE Program Container

Additional References

References