CVE-2018-6970 – VMWare Horizon Client wswc_sharedMem_shared Out-Of-Bounds Read Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2018-6970

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn't apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems. VMware Horizon 6 (6.x.x en versiones anteriores a la 6.2.7), Horizon 7 (7.x.x en versiones anteriores a la 7.5.1) y Horizon Client (4.x.x en versiones anteriores a la 4.8.1) contiene una vulnerabilidad de lectura fuera de límites en la librería Message Framework. Su explotación con éxito podría permitir que un usuario con menos privilegios filtre información desde un proceso privilegiado que se ejecuta en un sistema donde estén instalados Horizon Connection Server, Horizon Agent o Horizon Client. • http://www.securityfocus.com/bid/105031 http://www.securitytracker.com/id/1041430 https://www.vmware.com/security/advisories/VMSA-2018-0019.html • CWE-125: Out-of-bounds Read •