9.3

CVE-2012-3569

EPSS 80.64%
Veröffentlicht 14.11.2012 12:30:59
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VMware ≫ Ovf Tool Version2.1

Microsoft ≫ Windows

VMware ≫ Workstation Version8.0

VMware ≫ Workstation Version8.0.0.18997

VMware ≫ Workstation Version8.0.1

VMware ≫ Workstation Version8.0.1.27038

VMware ≫ Workstation Version8.0.2

VMware ≫ Workstation Version8.0.3

VMware ≫ Workstation Version8.0.4

VMware ≫ Player Version4.0

VMware ≫ Player Version4.0.0.18997

VMware ≫ Player Version4.0.1

VMware ≫ Player Version4.0.2

VMware ≫ Player Version4.0.3

VMware ≫ Player Version4.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	80.64%	0.99

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://osvdb.org/87117

http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html

http://secunia.com/advisories/51240

http://technet.microsoft.com/en-us/security/msvr/msvr13-002

http://www.vmware.com/security/advisories/VMSA-2012-0015.html

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/79922

https://nvd.nist.gov/vuln/detail/CVE-2012-3569

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3569

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3569

EUVD