Format String Vulnerability in VMware OVF Tool and VMware Products
CVE-2012-3569

Currently unrated

Key Information:

Vendor: Vmware
Status: Ovf Tool
Vendor: CVE Published:; 14 November 2012

Summary

A format string vulnerability exists in VMware OVF Tool 2.1 on Windows, affecting users of VMware Workstation and VMware Player prior to specified versions. This weakness allows remote attackers to take advantage of crafted OVF files that may lead to the execution of arbitrary code if successfully manipulated by a user. It poses a significant risk, particularly in environments where user-assisted actions are performed without adequate security measures.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/79922

vdb-entryx_refsource_XF

http://technet.microsoft.com/en-us/security/msvr/msvr13-002

x_refsource_MISC

http://packetstormsecurity.com/files/120101/VMWare-OVF-To...

x_refsource_MISC

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 14, 2012
Vulnerability Reserved
Jun 14, 2012