CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 03/15/2013
CVE: CVE-2012-3569
BID: 56468
OSVDB: 87117
VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system.
The Windows variants of VMWare Workstation versions prior to 8.0.5, VMWare Player versions prior to 4.0.5, and VMWare OVFTool versions prior to 3.0.1 are vulnerable to a format string vulnerability. The vulnerability is due to improper handling of the value of the disk capacityAllocationUnits attribute in the OVF XML file.
Update to the latest version of VMWare Workstation, Player, or OVF Tool.
<http://www.vmware.com/security/advisories/VMSA-2012-0015.html>
<https://www.vmware.com/support/ws80/doc/releasenotes_workstation_805.html>
<https://www.vmware.com/support/player40/doc/releasenotes_player405.html>
This exploit has been tested against VMware OVF Tool 2.1 on Windows XP SP3 English (DEP OptIn).
Windows