Signature Detail
Short Name |
APP:VMWARE-OVF-FMTSTR |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
VMware OVF Tools Format String |
Release Date |
2013/02/12 |
Update Number |
2232 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: VMware OVF Tools Format String
This signature detects attempts to exploit a known vulnerability in VMware OVF Tools. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Extended Description
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
Affected Products
- vmware ovf_tool 2.1
- vmware player 4.0
- vmware player 4.0.0.18997
- vmware player 4.0.1
- vmware player 4.0.2
- vmware player 4.0.3
- vmware player 4.0.4
- vmware workstation 8.0
- vmware workstation 8.0.0.18997
- vmware workstation 8.0.1
- vmware workstation 8.0.1.27038
- vmware workstation 8.0.2
- vmware workstation 8.0.3
- vmware workstation 8.0.4
References
- BugTraq: 56468
- CVE: CVE-2012-3569