SAINT CorporationSAINT:55D6FE4B082D59796FE7903258C3F5C1VMware OVF Tool Format String
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 03/15/2013
CVE: CVE-2012-3569
BID: 56468
OSVDB: 87117
Background
VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system.
Problem
The Windows variants of VMWare Workstation versions prior to 8.0.5, VMWare Player versions prior to 4.0.5, and VMWare OVFTool versions prior to 3.0.1 are vulnerable to a format string vulnerability. The vulnerability is due to improper handling of the value of the disk capacityAllocationUnits attribute in the OVF XML file.
Resolution
Update to the latest version of VMWare Workstation, Player, or OVF Tool.
References
<http://www.vmware.com/security/advisories/VMSA-2012-0015.html>
<https://www.vmware.com/support/ws80/doc/releasenotes_workstation_805.html>
<https://www.vmware.com/support/player40/doc/releasenotes_player405.html>
Limitations
This exploit has been tested against VMware OVF Tool 2.1 on Windows XP SP3 English (DEP OptIn).
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%