Vulnerability Details : CVE-2012-3569
Public exploit exists!
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
Vulnerability category: OverflowExecute code
Products affected by CVE-2012-3569
- cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:4.0.0.18997:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:ovf_tool:2.1:*:*:*:*:*:*:*
Threat overview for CVE-2012-3569
Top countries where our scanners detected CVE-2012-3569
Top open port discovered on systems with this issue
443
IPs affected by CVE-2012-3569 10
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-3569!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-3569
96.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-3569
-
VMWare OVF Tools Format String Vulnerability
Disclosure Date: 2012-11-08First seen: 2020-04-26exploit/windows/browser/ovftool_format_stringThis module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3. -
VMWare OVF Tools Format String Vulnerability
Disclosure Date: 2012-11-08First seen: 2020-04-26exploit/windows/fileformat/ovf_format_stringThis module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.
CVSS scores for CVE-2012-3569
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-3569
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3569
-
http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html
VMWare OVF Tools Format String ≈ Packet Storm
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/79922
VMware OVF Tool format string CVE-2012-3569 Vulnerability Report
-
http://technet.microsoft.com/en-us/security/msvr/msvr13-002
Microsoft Vulnerability Research Advisory MSVR13-002 | Microsoft Docs
-
http://www.vmware.com/security/advisories/VMSA-2012-0015.html
VMSA-2012-0015Patch;Vendor Advisory
Jump to