Severity: High

 

Summary:  The JavaScript engine that runs Dashboard Extensions in Tableau Desktop has a memory corruption issue.

 

Impact: A malicious Dashboard Extension can cause memory corruption and possibly code execution under the privileges of the user that is running Tableau Desktop.

 

Vulnerable Versions:  The following versions have this vulnerability:

Tableau Desktop 2018.2.0

 

Resolution: The issue can be fixed by upgrading to the following version:

Tableau Desktop 2018.2.2