VMware OVF Tool Format String

2013-03-15T00:00:00
ID SAINT:FC1642580BDD12D138109C29450A7195
Type saint
Reporter SAINT Corporation
Modified 2013-03-15T00:00:00

Description

Added: 03/15/2013
CVE: CVE-2012-3569
BID: 56468
OSVDB: 87117

Background

VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system.

Problem

The Windows variants of VMWare Workstation versions prior to 8.0.5, VMWare Player versions prior to 4.0.5, and VMWare OVFTool versions prior to 3.0.1 are vulnerable to a format string vulnerability. The vulnerability is due to improper handling of the value of the disk capacityAllocationUnits attribute in the OVF XML file.

Resolution

Update to the latest version of VMWare Workstation, Player, or OVF Tool.

References

<http://www.vmware.com/security/advisories/VMSA-2012-0015.html>
<https://www.vmware.com/support/ws80/doc/releasenotes_workstation_805.html>
<https://www.vmware.com/support/player40/doc/releasenotes_player405.html>

Limitations

This exploit has been tested against VMware OVF Tool 2.1 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows