CERT-MU Vulnerability Note VN-2017-37
VMware Horizon DaaS Input Validation Flaw Lets Remote Users Access Devices and Drives on the Target System
Severity Rating: Medium
- VMware Horizon DaaS version 6.1.x
A vulnerability has been identified in VMware Horizon DaaS and can be exploited by remote attackers to gain access to devices and drives on the target system. The vulnerability exists due to insufficient validation of data. This vulnerability can be exploited by remote attackers by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.
Users are advised to apply updates.
More information about the update is available on:
VMware Security Advisories
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street