CVE-2012-3569

high

Description

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/79922

http://www.vmware.com/security/advisories/VMSA-2012-0015.html

http://technet.microsoft.com/en-us/security/msvr/msvr13-002

http://secunia.com/advisories/51240

http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html

http://osvdb.org/87117

Details

Source: Mitre, NVD

Published: 2012-11-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High