Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:63D9ED7D031D8D2887255F75810FD702
HistoryMar 15, 2013 - 12:00 a.m.

VMware OVF Tool Format String

2013-03-1500:00:00
SAINT Corporation
www.saintcorporation.com
17

EPSS

0.965

Percentile

99.6%

JSON

Added: 03/15/2013
CVE: CVE-2012-3569
BID: 56468
OSVDB: 87117

Background

VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system.

Problem

The Windows variants of VMWare Workstation versions prior to 8.0.5, VMWare Player versions prior to 4.0.5, and VMWare OVFTool versions prior to 3.0.1 are vulnerable to a format string vulnerability. The vulnerability is due to improper handling of the value of the disk capacityAllocationUnits attribute in the OVF XML file.

Resolution

Update to the latest version of VMWare Workstation, Player, or OVF Tool.

References

<http://www.vmware.com/security/advisories/VMSA-2012-0015.html&gt;
<https://www.vmware.com/support/ws80/doc/releasenotes_workstation_805.html&gt;
<https://www.vmware.com/support/player40/doc/releasenotes_player405.html&gt;

Limitations

This exploit has been tested against VMware OVF Tool 2.1 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows

Related

checkpoint_advisories 2
metasploit 2
nvd 1
nessus 1
msvr 1
packetstorm 2
prion 1
saint 3
zdt 2
cve 1
exploitdb 2
cvelist 1
openvas 2
vmware 1
checkpoint_advisories
checkpoint_advisories
VMware OVF Tool Format String - Ver2 (CVE-2012-3569)
2015-05-18 00:00:00
VMware OVF Tool Format String Vulnerability (CVE-2012-3569)
2013-03-21 00:00:00
metasploit
metasploit
VMWare OVF Tools Format String Vulnerability
2013-02-04 15:37:42
VMWare OVF Tools Format String Vulnerability
2013-02-04 15:36:33
nvd
nvd
CVE-2012-3569
2012-11-14 12:30:59
nessus
nessus
VMware OVF Tool 2.1 File Handling Format String Vulnerability (VMSA-2012-0015)
2012-11-28 00:00:00
msvr
msvr
Vulnerability in VMware OVF Tool Could Allow Arbitrary Code Execution
2013-02-19 00:00:00
packetstorm
packetstorm
VMWare OVF Tools Format String
2013-02-06 00:00:00
VMWare OVF Tools Format String
2013-02-06 00:00:00
prion
prion
Format string
2012-11-14 12:30:00
saint
saint
VMware OVF Tool Format String
2013-03-15 00:00:00
VMware OVF Tool Format String
2013-03-15 00:00:00
VMware OVF Tool Format String
2013-03-15 00:00:00
zdt
zdt
VMWare OVF Tools Format String Vulnerability
2013-02-07 00:00:00
VMWare OVF Tools Format String Vulnerability
2013-02-12 00:00:00
cve
cve
CVE-2012-3569
2012-11-14 12:30:59
exploitdb
exploitdb
VMware OVF Tools - Format String (Metasploit) (1)
2013-02-06 00:00:00
VMware OVF Tools - Format String (Metasploit) (2)
2013-02-12 00:00:00
cvelist
cvelist
CVE-2012-3569
2012-11-14 11:00:00
openvas
openvas
VMware Player Code Execution And Privilege Escalation Vulnerabilities (VMSA-2012-0015) - Windows
2017-02-07 00:00:00
VMware Workstation Code Execution And Privilege Escalation Vulnerabilities (VMSA-2012-0015) - Windows
2017-02-07 00:00:00
vmware
vmware
VMware Hosted Products and OVF Tool address security issues
2012-11-08 00:00:00

EPSS

0.965

Percentile

99.6%

JSON
Related for SAINT:63D9ED7D031D8D2887255F75810FD702
checkpoint_advisories2metasploit2nvd1nessus1msvr1packetstorm2prion1saint3zdt2cve1exploitdb2cvelist1openvas2vmware1