CVE-2017-4918 – VMware Horizon's macOS Client Code Injection

https://notcve.org/view.php?id=CVE-2017-4918

08 Jun 2017 — VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed. VMware Horizon View Client (versiones 2.x, 3.x y versiones 4.x anteriores a 4.5.0), contiene una vulnerabilidad de inyección de comandos en el script de inicio del servicio. La explotación con éxito de este problema pued... • http://www.securityfocus.com/bid/98984 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •