CVE-2009-3732

2010-04-1218:30:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2009-3732

format string vulnerability

vmware-vmrc.exe

vmware remote console

vmrc

arbitrary code execution

remote attackers

6.9 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.912 High

EPSS

Percentile

98.9%

JSON

Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

CPENameOperatorVersion
vmware:acevmware acelt2.5.4
vmware:acevmware aceeq2.6
vmware:playervmware playerlt2.5.4
vmware:playervmware playereq3.0
vmware:servervmware serverle2.0.2
vmware:workstationvmware workstationlt6.5.4
vmware:workstationvmware workstationeq7.0

CPE	Name	Operator	Version
vmware:ace	vmware ace	lt	2.5.4
vmware:ace	vmware ace	eq	2.6
vmware:player	vmware player	lt	2.5.4
vmware:player	vmware player	eq	3.0
vmware:server	vmware server	le	2.0.2
vmware:workstation	vmware workstation	lt	6.5.4
vmware:workstation	vmware workstation	eq	7.0