9.3

CVE-2012-3569

EPSS 80.64%
Published 14.11.2012 12:30:59
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Ovf Tool Version2.1

Microsoft ≫ Windows

VMware ≫ Workstation Version8.0

VMware ≫ Workstation Version8.0.0.18997

VMware ≫ Workstation Version8.0.1

VMware ≫ Workstation Version8.0.1.27038

VMware ≫ Workstation Version8.0.2

VMware ≫ Workstation Version8.0.3

VMware ≫ Workstation Version8.0.4

VMware ≫ Player Version4.0

VMware ≫ Player Version4.0.0.18997

VMware ≫ Player Version4.0.1

VMware ≫ Player Version4.0.2

VMware ≫ Player Version4.0.3

VMware ≫ Player Version4.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	80.64%	0.99

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://osvdb.org/87117

http://packetstormsecurity.com/files/120101/VMWare-OVF-Tools-Format-String.html

http://secunia.com/advisories/51240

http://technet.microsoft.com/en-us/security/msvr/msvr13-002

http://www.vmware.com/security/advisories/VMSA-2012-0015.html

Patch

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/79922

https://nvd.nist.gov/vuln/detail/CVE-2012-3569

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3569

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3569

EUVD