CVE-2012-3569

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

Published: Nov 14, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-3569
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
vmware / ovf_tool	2.1	2.1.x
vmware / workstation	8.0.3	8.0.3.x
vmware / workstation	8.0.0.18997	8.0.0.18997.x
vmware / workstation	8.0.1	8.0.1.x
vmware / workstation	8.0.2	8.0.2.x
vmware / workstation	8.0.1.27038	8.0.1.27038.x
vmware / workstation	8.0.4	8.0.4.x
vmware / workstation	8.0	8.0.x
vmware / player	4.0.3	4.0.3.x
vmware / player	4.0.1	4.0.1.x
vmware / player	4.0.2	4.0.2.x
vmware / player	4.0	4.0.x
vmware / player	4.0.4	4.0.4.x
vmware / player	4.0.0.18997	4.0.0.18997.x

http://osvdb.org/87117
http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html
http://secunia.com/advisories/51240
http://technet.microsoft.com/en-us/security/msvr/msvr13-002
http://www.vmware.com/security/advisories/VMSA-2012-0015.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/79922

Vulnerability Database

289,697

CVE-2012-3569