Juniper Networks

Signature Detail


Short Name: HTTP:STC:ACTIVEX:VMWARE-FS
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: VMware Remote Console HOST and MOID Format String Code Execution
Release Date: 2010/10/13
Update Number: 1791
Supported Platforms: idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: VMware Remote Console HOST and MOID Format String Code Execution


This signature detects attempts to exploit a known code execution vulnerability in VMware Remote Console (VMrc). The vulnerability is due to a format string error in the VMrc browser plug-in on Windows-based platforms. It can allow remote attackers to execute arbitrary code by enticing the target user to open a maliciously crafted HTML document. In a successful attack, where arbitrary code is injected and executed on the target host, the behavior of the target system depends on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged-in user. In an unsuccessful attack, a denial-of-service condition can occur on the target system.

Extended Description

VMware Remote Console is prone to a remote format string vulnerability. Successful exploits may allow an attacker to execute arbitrary code. Failed attacks may cause denial-of-service conditions. NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it.

Affected Products

  • VMware ESX Server 4.0
  • VMware Infrastructure Client (vSphere) 4

References

  • BugTraq: 39396
  • CVE: CVE-2009-3732

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.