PT-2012-4818 · Vmware · Vmware Player+2

Jeremy Brown

Published

2012-11-14

Updated

2017-08-29

CVE-2012-3569

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VMware OVF Tool version 2.1 VMware Workstation versions 8.0 through 8.0.4 VMware Player versions 4.0 through 4.0.4

Description A format string issue allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

Recommendations For VMware OVF Tool version 2.1, update to a newer version to mitigate the risk. For VMware Workstation versions 8.0 through 8.0.4, update to version 8.0.5 or later. For VMware Player versions 4.0 through 4.0.4, update to version 4.0.5 or later.

Exploit

Fix

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2012-3569

Affected Products

Vmware Ovf Tool

Vmware Player

Vmware Workstation

PT-2012-4818 · Vmware · Vmware Player+2

CVE-2012-3569

Weakness Enumeration

Related Identifiers

Affected Products

References · 12