CVE-2012-3569
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
| Software | From | Fixed in |
|---|---|---|
| vmware / ovf_tool | 2.1 | 2.1.x |
| vmware / workstation | 8.0.3 | 8.0.3.x |
| vmware / workstation | 8.0.0.18997 | 8.0.0.18997.x |
| vmware / workstation | 8.0.1 | 8.0.1.x |
| vmware / workstation | 8.0.2 | 8.0.2.x |
| vmware / workstation | 8.0.1.27038 | 8.0.1.27038.x |
| vmware / workstation | 8.0.4 | 8.0.4.x |
| vmware / workstation | 8.0 | 8.0.x |
| vmware / player | 4.0.3 | 4.0.3.x |
| vmware / player | 4.0.1 | 4.0.1.x |
| vmware / player | 4.0.2 | 4.0.2.x |
| vmware / player | 4.0 | 4.0.x |
| vmware / player | 4.0.4 | 4.0.4.x |
| vmware / player | 4.0.0.18997 | 4.0.0.18997.x |
- http://osvdb.org/87117
- http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html
- http://secunia.com/advisories/51240
- http://technet.microsoft.com/en-us/security/msvr/msvr13-002
- http://www.vmware.com/security/advisories/VMSA-2012-0015.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79922
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime