Aug 2018 – In less than one month, a VMware out-of-bounds read vulnerability happens again!

VMware announced that a bug was found in its Horizon Connection Server, Horizon Agent, and Horizon Client. However, Horizon Agents on Linux-based systems and Horizon Clients on non-Windows systems are not affected. The issue is an out-of-bounds memory read error in the Message Framework that lets local users view portions of system memory on the target system.

From a technical point of view, what is an out-of-bounds read? It means the software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. But the out-of-bounds memory read problem is not a new issue. Do you remember CVE-2018-6968 (an out-of-bounds memory read error that lets local users on a guest system gain elevated privileges on the guest system)? That happened less than a month ago.
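To illustrate the definition above (a read past the end, or before the beginning, of a buffer), here is an added example that is not from VMware or the original post and does not describe the Horizon flaw itself. The length-prefixed message layout and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (assumption): byte 0 = payload length N, bytes 1..N = payload.
 * Unchecked form, shown for contrast and never called here: it trusts the length
 * byte, so a claimed N larger than what was received makes memcpy read past msg. */
size_t read_payload_unchecked(const uint8_t *msg, uint8_t *out)
{
    size_t n = msg[0];
    memcpy(out, msg + 1, n);
    return n;
}

/* Checked: compares the claimed length with the bytes received and with the
 * destination capacity. Returns the payload length, or -1 on rejection. */
int read_payload_checked(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap)
{
    if (msg == NULL || out == NULL || msg_len < 1) return -1;
    size_t n = msg[0];
    if (n > msg_len - 1 || n > out_cap) return -1;
    memcpy(out, msg + 1, n);
    return (int)n;
}

/* Checked relative read: rejects an index before buf[0] or at/past the end. */
int read_at_checked(const uint8_t *buf, size_t len, size_t pos, ptrdiff_t delta, uint8_t *value)
{
    if (buf == NULL || value == NULL || pos >= len) return -1;
    if (delta < 0) {
        size_t back = (size_t)(-(delta + 1)) + 1;  /* |delta| without overflow */
        if (back > pos) return -1;                 /* would land before buf[0] */
        pos -= back;
    } else {
        if ((size_t)delta >= len - pos) return -1; /* would land past the end */
        pos += (size_t)delta;
    }
    *value = buf[pos];
    return 0;
}

int main(void)
{
    const uint8_t msg[] = { 200, 'a', 'b', 'c' };  /* constructed: claims 200, holds 3 */
    uint8_t out[256];
    printf("oversized length -> %d\n", read_payload_checked(msg, sizeof msg, out, sizeof out));
    return 0;
}
```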

The keyword "vulnerability" is similar to a human being's cough, flu or headache. No worries!

The official announcement is shown below:

https://www.vmware.com/security/advisories/VMSA-2018-0019.html