Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-3569

CWE-134Uncontrolled Format String5 documents4 sources
Severity
9.3CRITICAL
EPSS
80.6%
top 0.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Vmware OVF ToolVmware PlayerVmware Workstation
Timeline
PublishedNov 14
Latest updateMay 17

Description

Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDvmware/player6 versions+5
NVDvmware/workstation7 versions+6

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-8wg2-73cr-jv3q: Format string vulnerability in VMware OVF Tool 22022-05-17
CVEList
CVE-2012-3569: Format string vulnerability in VMware OVF Tool 22012-11-14

💥Exploits & PoCs

2
Exploit-DB
VMware OVF Tools - Format String (Metasploit) (2)2013-02-12
Exploit-DB
VMware OVF Tools - Format String (Metasploit) (1)2013-02-06
CVE-2012-3569 (CRITICAL CVSS 9.3) | Format string vulnerability in VMwa | cvebase.io