Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-37


CERT-MU Vulnerability Note VN-2017-37                                                          
VMware Horizon DaaS Input Validation Flaw Lets Remote Users Access Devices and Drives on the Target System
Severity Rating: Medium
Systems Affected:
  • VMware Horizon DaaS version 6.1.x
Description
A vulnerability has been identified in VMware Horizon DaaS and can be exploited by remote attackers to gain access to devices and drives on the target system. The vulnerability exists due to insufficient validation of data. This vulnerability can be exploited by remote attackers by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
Vendor Information
VMware
 
CVE Information
 
References
Security Tracker
 
VMware Security Advisories
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis