VMSA-2021-0009:VMware Workstation and Horizon Client for Windows updates address multiple security vulnerabilities
23601
18 May 2021
18 May 2021
CLOSED
LOW
3.2
CVE-2021-21987,CVE-2021-21988,CVE-2021-21989
1. Impacted Products
- VMware Workstation Pro / Player (Workstation)
- VMware Horizon Client for Windows
2. Introduction
Multiple vulnerabilities in VMware Workstation and Horizon Client for Windows were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in affected VMware products.
3. Multiple out-of-bounds read vulnerabilities via Cortado ThinPrint (CVE-2021-21987, CVE-2021-21988, CVE-2021-21989)
Description
VMware Workstation and Horizon Client for Windows contain multiple out-of-bounds read vulnerabilities in the Cortado ThinPrint component. These issues exist in the TTC and JPEG2000 parsers. VMware has evaluated the severity of these issues to be in the low severity range with a CVSSv3 base score of 3.2.
Known Attack Vectors
A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Resolution
To remediate CVE-2021-21987 (TTC parser), CVE-2021-21988 (JPEG2000 parser) and CVE-2021-21989 (TTC parser) apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client for Windows.
Acknowledgements
VMware would like to thank Anonymous working with Trend Micro's Zero Day Initiative for reporting these issues (CVE-2021-21987, CVE-2021-21988 and CVE-2021-21989) and Hou JingYi (@hjy79425575) of Qihoo 360 for reporting CVE-2021-21987 to us.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Horizon Client for Windows | 5.x and prior | Windows | CVE-2021-21987, CVE-2021-21988, CVE-2021-21989 | 3.2 | low | 5.5.2 | None | None |
| Workstation | 16.x | Any | CVE-2021-21987, CVE-2021-21988, CVE-2021-21989 | 3.2 | low | 16.1.2 | None | None |
4. References
VMware Workstation Pro 16.1.2
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 16.1.2
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Horizon Client 5.5.2
https://my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_horizon_clients/horizon_7_5_0
https://docs.vmware.com/en/VMware-Horizon-Client-for-Windows/5.5.2/rn/horizon-client-windows-552-release-notes.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21989
FIRST CVSSv3 Calculator:
CVE-2021-21987 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
CVE-2021-21988 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
CVE-2021-21989 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
5. Change Log
2021-05-20 VMSA-2021-0009
Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2021 VMware Inc. All rights reserved.