Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3732

CWE-134 — Uncontrolled Format String4 documents4 sources

Severity

10.0CRITICAL

EPSS

30.1%

top 3.34%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vmware ACE Vmware Player Vmware Workstation +1 more

Timeline

PublishedApr 12

Latest updateMay 2

Description

Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDvmware/ace2.5.0 — 2.5.4+1

▶NVDvmware/player2.5.0 — 2.5.4+1

▶NVDvmware/workstation6.5.0 — 6.5.4+1

▶NVDvmware/server2.0.0 — 2.0.2

Patches

Patch: lists.vmware.com ↗Patch: www.vmware.com ↗Patch: lists.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-mw96-29xv-5ppf: Format string vulnerability in vmware-vmrc↗2022-05-02

▶

CVEList

CVE-2009-3732: Format string vulnerability in vmware-vmrc↗2010-04-12

▶

💥Exploits & PoCs

Exploit-DB

VMware Remote Console e.x.p build-158248 - Format String↗2010-04-12

▶